healer | 2acd9dc839dbcd0d02fa0cbe2f7503084d1c7afa80089c059ba90bc232305db7 | Triage

Sharing

General

Target

2acd9dc839dbcd0d02fa0cbe2f7503084d1c7afa80089c059ba90bc232305db7
Size

877KB
Sample

231003-fbgnmsgc2z
MD5

55b6e15a4852dcaf67d4165fda77829c
SHA1

d5bf586159ac5809486e46e857c79f34454fa8f7
SHA256

2acd9dc839dbcd0d02fa0cbe2f7503084d1c7afa80089c059ba90bc232305db7
SHA512

0b728218347299ba5be81e5211034b862618db231fde76b76bf9989c8b0f2db2f06c62b4bab9503933df1491ed1152c9939fe691022ce8a7aef80a56b9ec8423
SSDEEP

12288:IMrvy90ujpTuFN56f7VPTUSuPQXZGCG+4BtZ3IAdFTV796GkBeSoVu/xTo4X0Lqr:Hy+Bc4ZPuMDIAH59fkBnoAudqD3

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  2acd9dc839dbcd0d02fa0cbe2f7503084d1c7afa80089c059ba90bc232305db7
- Size
  
  877KB
- MD5
  
  55b6e15a4852dcaf67d4165fda77829c
- SHA1
  
  d5bf586159ac5809486e46e857c79f34454fa8f7
- SHA256
  
  2acd9dc839dbcd0d02fa0cbe2f7503084d1c7afa80089c059ba90bc232305db7
- SHA512
  
  0b728218347299ba5be81e5211034b862618db231fde76b76bf9989c8b0f2db2f06c62b4bab9503933df1491ed1152c9939fe691022ce8a7aef80a56b9ec8423
- SSDEEP
  
  12288:IMrvy90ujpTuFN56f7VPTUSuPQXZGCG+4BtZ3IAdFTV796GkBeSoVu/xTo4X0Lqr:Hy+Bc4ZPuMDIAH59fkBnoAudqD3
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan