healer | b9641a944f59cd20208b00e97e124ab35263ca8c54350d6a1f47954533f773c4 | Triage

Sharing

General

Target

NEAS.9078cdef5aa55562d8ba2625e9abba00_JC.exe
Size

19KB
Sample

231028-g4aw8seg4v
MD5

9078cdef5aa55562d8ba2625e9abba00
SHA1

e875c6a4614431e8d484328718627f75e0168dfc
SHA256

b9641a944f59cd20208b00e97e124ab35263ca8c54350d6a1f47954533f773c4
SHA512

f5b3fb0d47d7238b64fddaf11c7207b1aeeebe2ac8f35bfee3a003393fba559dd707f83ab5eafbb4717daa34098d29a366461fef7bd2b5ac7d31940201566737
SSDEEP

384:zw+1WA2Ni64rXGfZvTx1uHFGi4i/8E9VFf:zw+gU64r8QzeE

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  NEAS.9078cdef5aa55562d8ba2625e9abba00_JC.exe
- Size
  
  19KB
- MD5
  
  9078cdef5aa55562d8ba2625e9abba00
- SHA1
  
  e875c6a4614431e8d484328718627f75e0168dfc
- SHA256
  
  b9641a944f59cd20208b00e97e124ab35263ca8c54350d6a1f47954533f773c4
- SHA512
  
  f5b3fb0d47d7238b64fddaf11c7207b1aeeebe2ac8f35bfee3a003393fba559dd707f83ab5eafbb4717daa34098d29a366461fef7bd2b5ac7d31940201566737
- SSDEEP
  
  384:zw+1WA2Ni64rXGfZvTx1uHFGi4i/8E9VFf:zw+gU64r8QzeE
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan