healer | 8a1225e4725a92d039fc0aec5516daf2a51a947053dbad955aa56343ff6163c4 | Triage

Sharing

General

Target

8a1225e4725a92d039fc0aec5516daf2a51a947053dbad955aa56343ff6163c4_JC.exe
Size

221KB
Sample

231011-gry4asfg34
MD5

758ac9b057dacf7cbd9c244d43a00d53
SHA1

2adb9b71af3efc7c5f4059c60b8032f94656abae
SHA256

8a1225e4725a92d039fc0aec5516daf2a51a947053dbad955aa56343ff6163c4
SHA512

eeed084a2f45f15157e1fd1d4373d91801fdbe6e00745c81338165307a2dc0af42c6ce405eb830bea385c80ae3895b46013a6a101a861c8ef068f6ca1a8e6771
SSDEEP

6144:gtwPgXzDwghkRrup9xbzAOANf0HoPaJF4S:g7jDwAfz6NcHoqF4S

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  8a1225e4725a92d039fc0aec5516daf2a51a947053dbad955aa56343ff6163c4_JC.exe
- Size
  
  221KB
- MD5
  
  758ac9b057dacf7cbd9c244d43a00d53
- SHA1
  
  2adb9b71af3efc7c5f4059c60b8032f94656abae
- SHA256
  
  8a1225e4725a92d039fc0aec5516daf2a51a947053dbad955aa56343ff6163c4
- SHA512
  
  eeed084a2f45f15157e1fd1d4373d91801fdbe6e00745c81338165307a2dc0af42c6ce405eb830bea385c80ae3895b46013a6a101a861c8ef068f6ca1a8e6771
- SSDEEP
  
  6144:gtwPgXzDwghkRrup9xbzAOANf0HoPaJF4S:g7jDwAfz6NcHoqF4S
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan