healer | aeb5c20d221dbabe7aea05554721a6d292ac662ecedda393f239b776526144ea | Triage

Sharing

General

Target

aeb5c20d221dbabe7aea05554721a6d292ac662ecedda393f239b776526144ea
Size

1.1MB
Sample

231001-s6tmxadc98
MD5

e35af287a2d4d007f8167398f568bc31
SHA1

f009c7ff1c31a5a42bc404924601fc5ab77e546b
SHA256

aeb5c20d221dbabe7aea05554721a6d292ac662ecedda393f239b776526144ea
SHA512

da6663b49031fe86d475828af5d027ed7e4328759ca32cae999c21e466e78d7f0cf1a05b468ae743e7f2c8810ecc822b87edfc980ba71d0af028e7fa68925a45
SSDEEP

24576:My1xnmYeFYCTWY1wUm1iHCgLPH/UzzmyevduwgbBadmtF:71xn9CTWjs5Uzixv2Badk

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  aeb5c20d221dbabe7aea05554721a6d292ac662ecedda393f239b776526144ea
- Size
  
  1.1MB
- MD5
  
  e35af287a2d4d007f8167398f568bc31
- SHA1
  
  f009c7ff1c31a5a42bc404924601fc5ab77e546b
- SHA256
  
  aeb5c20d221dbabe7aea05554721a6d292ac662ecedda393f239b776526144ea
- SHA512
  
  da6663b49031fe86d475828af5d027ed7e4328759ca32cae999c21e466e78d7f0cf1a05b468ae743e7f2c8810ecc822b87edfc980ba71d0af028e7fa68925a45
- SSDEEP
  
  24576:My1xnmYeFYCTWY1wUm1iHCgLPH/UzzmyevduwgbBadmtF:71xn9CTWjs5Uzixv2Badk
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan