healer | 00dc8c56d6eaf6b808c3e88e6180b7983ce63c8bed1da6aee6c686cc9af09cf7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00dc8c56d6eaf6b808c3e88e6180b7983ce63c8bed1da6aee6c686cc9af09cf7
Size

933KB
Sample

230924-b8xc5sbf6z
MD5

42ece5b93802f69e890e6ac85d7de746
SHA1

c5107b354b65e89105a75bf67bef22b9dc487bc0
SHA256

00dc8c56d6eaf6b808c3e88e6180b7983ce63c8bed1da6aee6c686cc9af09cf7
SHA512

5637bf4498c35e5c8b5c40458d7c2d3b0537c46a882b5e66e0afc1791822748a5e37cc458ab5d891bc415c746ed22e63c8b821e7d9d92e1c79bbcaf223c77350
SSDEEP

24576:PycQURopYKSICPIN2OLkdt7hPB+BLI7fmN:awOpnScJLkBPBkI

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  00dc8c56d6eaf6b808c3e88e6180b7983ce63c8bed1da6aee6c686cc9af09cf7
- Size
  
  933KB
- MD5
  
  42ece5b93802f69e890e6ac85d7de746
- SHA1
  
  c5107b354b65e89105a75bf67bef22b9dc487bc0
- SHA256
  
  00dc8c56d6eaf6b808c3e88e6180b7983ce63c8bed1da6aee6c686cc9af09cf7
- SHA512
  
  5637bf4498c35e5c8b5c40458d7c2d3b0537c46a882b5e66e0afc1791822748a5e37cc458ab5d891bc415c746ed22e63c8b821e7d9d92e1c79bbcaf223c77350
- SSDEEP
  
  24576:PycQURopYKSICPIN2OLkdt7hPB+BLI7fmN:awOpnScJLkBPBkI
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan