healer | 2b1a35d56cf8c1781880fb23dcff5e2d84adbc9ab239be428b0a8f61d149c24c | Triage

Sharing

General

Target

2b1a35d56cf8c1781880fb23dcff5e2d84adbc9ab239be428b0a8f61d149c24c
Size

1.1MB
Sample

231011-q93c4sdc74
MD5

5ca7d5e8bd482af15491a2b306ff9ded
SHA1

cbe3b4e402cb28baed8b9fb685c5978eaca668c7
SHA256

2b1a35d56cf8c1781880fb23dcff5e2d84adbc9ab239be428b0a8f61d149c24c
SHA512

98a2615e483173d3c3ab91d7e2b6b7c24c4af0855fb2a1eab270902caae43541b6f3b9a56e2961e0598cfe84b71f4f308626d572482493f20f9efcd5827e0bdf
SSDEEP

24576:IyhSTkF5G0CLjWuokGKmfdLytJOw4fqtk0vHwgG2QVh+eHV:PgTkFDwN4I7vH7GPcs

Score

10^/10

healer dropper evasion persistence trojan

Malware Config

Targets

- Target
  
  2b1a35d56cf8c1781880fb23dcff5e2d84adbc9ab239be428b0a8f61d149c24c
- Size
  
  1.1MB
- MD5
  
  5ca7d5e8bd482af15491a2b306ff9ded
- SHA1
  
  cbe3b4e402cb28baed8b9fb685c5978eaca668c7
- SHA256
  
  2b1a35d56cf8c1781880fb23dcff5e2d84adbc9ab239be428b0a8f61d149c24c
- SHA512
  
  98a2615e483173d3c3ab91d7e2b6b7c24c4af0855fb2a1eab270902caae43541b6f3b9a56e2961e0598cfe84b71f4f308626d572482493f20f9efcd5827e0bdf
- SSDEEP
  
  24576:IyhSTkF5G0CLjWuokGKmfdLytJOw4fqtk0vHwgG2QVh+eHV:PgTkFDwN4I7vH7GPcs
Score

10^/10

healer dropper evasion persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan

behavioral2

healerdropperevasionpersistencetrojan