healer | f8bf8ab5eaf396c5ad0db389499ec37e7b09f13657a3e6099fedee68e1c6e72e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f8bf8ab5eaf396c5ad0db389499ec37e7b09f13657a3e6099fedee68e1c6e72e
Size

876KB
Sample

231003-fgxxtagc9z
MD5

eb7e722fc51465be58167d84b441401c
SHA1

f6c041ee7fecd44218a0cad6ec5ded9708e93e96
SHA256

f8bf8ab5eaf396c5ad0db389499ec37e7b09f13657a3e6099fedee68e1c6e72e
SHA512

2020f022a702f9c6ae10a483c63e58b77b5932b41cd27a42687738312b7b8e3aa16ce5e4126b211b65ace325af52a3a94d50cccad42f7730609544c73dc02cfa
SSDEEP

12288:LMr0y90qFCZbR3gbXXxIzguLu+ZTpfzeqF0T5hycMbaatq1aedYZTmZM:/yzgZbR30Kjio7lMHMFvwYYZM

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  f8bf8ab5eaf396c5ad0db389499ec37e7b09f13657a3e6099fedee68e1c6e72e
- Size
  
  876KB
- MD5
  
  eb7e722fc51465be58167d84b441401c
- SHA1
  
  f6c041ee7fecd44218a0cad6ec5ded9708e93e96
- SHA256
  
  f8bf8ab5eaf396c5ad0db389499ec37e7b09f13657a3e6099fedee68e1c6e72e
- SHA512
  
  2020f022a702f9c6ae10a483c63e58b77b5932b41cd27a42687738312b7b8e3aa16ce5e4126b211b65ace325af52a3a94d50cccad42f7730609544c73dc02cfa
- SSDEEP
  
  12288:LMr0y90qFCZbR3gbXXxIzguLu+ZTpfzeqF0T5hycMbaatq1aedYZTmZM:/yzgZbR30Kjio7lMHMFvwYYZM
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan

behavioral2

healerdropperevasionpersistencetrojan