healer | 91c8694b12c7489be239393cc92091108b67422523422933d5121e428c5bb202 | Triage

Sharing

General

Target

91c8694b12c7489be239393cc92091108b67422523422933d5121e428c5bb202_JC.exe
Size

217KB
Sample

231011-g6eyzaha42
MD5

83108d2cdb8f411f584697544ac79e32
SHA1

2be20355f9b64f44efe9eb2a93f3d8dcd05f7130
SHA256

91c8694b12c7489be239393cc92091108b67422523422933d5121e428c5bb202
SHA512

6e9c0c22b888297bfa0ea9c5d5ddaa4dd0e5fc6c56a207de0bde248f963a12ec6c423f5fde6f86cab8909ef21fee5cdbc7d4760aa13d085c44cbc307bfdf221c
SSDEEP

6144:dzC/lDiGarJuUZQbHVwHPAmAOSHGP3viKC:dzciGarJuUOmQHG3iKC

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  91c8694b12c7489be239393cc92091108b67422523422933d5121e428c5bb202_JC.exe
- Size
  
  217KB
- MD5
  
  83108d2cdb8f411f584697544ac79e32
- SHA1
  
  2be20355f9b64f44efe9eb2a93f3d8dcd05f7130
- SHA256
  
  91c8694b12c7489be239393cc92091108b67422523422933d5121e428c5bb202
- SHA512
  
  6e9c0c22b888297bfa0ea9c5d5ddaa4dd0e5fc6c56a207de0bde248f963a12ec6c423f5fde6f86cab8909ef21fee5cdbc7d4760aa13d085c44cbc307bfdf221c
- SSDEEP
  
  6144:dzC/lDiGarJuUZQbHVwHPAmAOSHGP3viKC:dzciGarJuUOmQHG3iKC
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan