healer | 43cc48d58bc8f16357b664facb2067e7de4e9ed732e670577ae0322cd4b1d891 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43cc48d58bc8f16357b664facb2067e7de4e9ed732e670577ae0322cd4b1d891
Size

1.1MB
Sample

231001-3aqw9aed2y
MD5

61a00bc79ddbda3a472b94b508906b23
SHA1

83f13b6f7823c2e1e840d84fde686a8374549686
SHA256

43cc48d58bc8f16357b664facb2067e7de4e9ed732e670577ae0322cd4b1d891
SHA512

ea1545beb977aec11a782ce9b91c8d3d36acdc0088b12826f632aeb1e781a70f1e9ec7001337316b4af7bd5579ff700715dcf85c7d05055e16c225ed036a7195
SSDEEP

24576:yyau/IxE9cisriYZdGY66ht7TsNXrhllD:ZaQZvYZdG8KN1ll

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  43cc48d58bc8f16357b664facb2067e7de4e9ed732e670577ae0322cd4b1d891
- Size
  
  1.1MB
- MD5
  
  61a00bc79ddbda3a472b94b508906b23
- SHA1
  
  83f13b6f7823c2e1e840d84fde686a8374549686
- SHA256
  
  43cc48d58bc8f16357b664facb2067e7de4e9ed732e670577ae0322cd4b1d891
- SHA512
  
  ea1545beb977aec11a782ce9b91c8d3d36acdc0088b12826f632aeb1e781a70f1e9ec7001337316b4af7bd5579ff700715dcf85c7d05055e16c225ed036a7195
- SSDEEP
  
  24576:yyau/IxE9cisriYZdGY66ht7TsNXrhllD:ZaQZvYZdG8KN1ll
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan