healer | a926b952316f6e870d848e93a6e4f290037a878e172e283b06e878c97d5e5803 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a926b952316f6e870d848e93a6e4f290037a878e172e283b06e878c97d5e5803
Size

934KB
Sample

230924-bses6adb88
MD5

7f835f6756614ff9064099d8e2590253
SHA1

2f007acdfb919c01b49308f034cf7bd6a06f237f
SHA256

a926b952316f6e870d848e93a6e4f290037a878e172e283b06e878c97d5e5803
SHA512

27efdbb217bbb948722271b356d0ce63fdfe41752ad6e741fc687a1433fa5f7791ee762c824638d24a2c6eaf6dd437c6d5421d53165373eb3946327fe09437ff
SSDEEP

24576:RyvdC6WwkOVvq+LX43g/KKPqE0PTAoNVmqiz+:EU6WwXA3kqEmZ

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  a926b952316f6e870d848e93a6e4f290037a878e172e283b06e878c97d5e5803
- Size
  
  934KB
- MD5
  
  7f835f6756614ff9064099d8e2590253
- SHA1
  
  2f007acdfb919c01b49308f034cf7bd6a06f237f
- SHA256
  
  a926b952316f6e870d848e93a6e4f290037a878e172e283b06e878c97d5e5803
- SHA512
  
  27efdbb217bbb948722271b356d0ce63fdfe41752ad6e741fc687a1433fa5f7791ee762c824638d24a2c6eaf6dd437c6d5421d53165373eb3946327fe09437ff
- SSDEEP
  
  24576:RyvdC6WwkOVvq+LX43g/KKPqE0PTAoNVmqiz+:EU6WwXA3kqEmZ
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan