healer | bd13eb95197136d2127656acf910298b33a7a6d9ca990a2da6f3b9919affd5f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd13eb95197136d2127656acf910298b33a7a6d9ca990a2da6f3b9919affd5f3
Size

1.1MB
Sample

231002-k6p1qaac49
MD5

dd8cf6125f3be41e6cdbbd0efdb37afe
SHA1

74afbaed38a1ee54316b40ca917bbb4436e01ff5
SHA256

bd13eb95197136d2127656acf910298b33a7a6d9ca990a2da6f3b9919affd5f3
SHA512

b46e4f9429630a57d6898388dce59bed2f01d20aa0f6f88ebd3f4cda8b59390d097f35c90aeb9c5de8f8ff1c6417b5f2b19ffe1d2340f78517b5a7b839498562
SSDEEP

24576:Ryf19lAN4khkoNE1rQZyNMGY+N3bfBUOabDn6:Ef7l9gGt3bW3Hn

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  bd13eb95197136d2127656acf910298b33a7a6d9ca990a2da6f3b9919affd5f3
- Size
  
  1.1MB
- MD5
  
  dd8cf6125f3be41e6cdbbd0efdb37afe
- SHA1
  
  74afbaed38a1ee54316b40ca917bbb4436e01ff5
- SHA256
  
  bd13eb95197136d2127656acf910298b33a7a6d9ca990a2da6f3b9919affd5f3
- SHA512
  
  b46e4f9429630a57d6898388dce59bed2f01d20aa0f6f88ebd3f4cda8b59390d097f35c90aeb9c5de8f8ff1c6417b5f2b19ffe1d2340f78517b5a7b839498562
- SSDEEP
  
  24576:Ryf19lAN4khkoNE1rQZyNMGY+N3bfBUOabDn6:Ef7l9gGt3bW3Hn
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan