healer | 13a8dbfff38f004675bf2b26cc6396a9a554acd341bd5390d08b651466245d8b | Triage

Sharing

General

Target

8bb6f34c507d6cfea5554b746cdc5e70_NeikiAnalytics.exe
Size

197KB
Sample

240525-qlstrsdh6z
MD5

8bb6f34c507d6cfea5554b746cdc5e70
SHA1

426f3fa9ca4b4816fada366a3f3232ac75d8d22c
SHA256

13a8dbfff38f004675bf2b26cc6396a9a554acd341bd5390d08b651466245d8b
SHA512

3f12580aee83211d75247a63a677e0f184351ef359053fc595929b971e89026dcdcf704fc343f46cb92bfb1e6b184a00284f90443beee0002da0f44234daa1fa
SSDEEP

3072:ILiDZUSV5XPJ0X6W6pdx5AL+LgPXRzIahXpWRFNgyDLNaeu+QJ6tR:VtTV5R0X6W6pdxSLM8phXpeFX2+f

Score

10^/10

healer dropper evasion trojan

Malware Config

Targets

- Target
  
  8bb6f34c507d6cfea5554b746cdc5e70_NeikiAnalytics.exe
- Size
  
  197KB
- MD5
  
  8bb6f34c507d6cfea5554b746cdc5e70
- SHA1
  
  426f3fa9ca4b4816fada366a3f3232ac75d8d22c
- SHA256
  
  13a8dbfff38f004675bf2b26cc6396a9a554acd341bd5390d08b651466245d8b
- SHA512
  
  3f12580aee83211d75247a63a677e0f184351ef359053fc595929b971e89026dcdcf704fc343f46cb92bfb1e6b184a00284f90443beee0002da0f44234daa1fa
- SSDEEP
  
  3072:ILiDZUSV5XPJ0X6W6pdx5AL+LgPXRzIahXpWRFNgyDLNaeu+QJ6tR:VtTV5R0X6W6pdxSLM8phXpeFX2+f
Score

10^/10

healer dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasiontrojan

behavioral2

healerdropperevasiontrojan