healer | 5dcc9208a404599d97c20ba8552c65b6419d72be3e68aa6e0cef3017e2a02c3e | Triage

Sharing

General

Target

5dcc9208a404599d97c20ba8552c65b6419d72be3e68aa6e0cef3017e2a02c3eN
Size

157KB
Sample

241001-z2fzksvard
MD5

7e0319ba171f044e486ed0a3597b4620
SHA1

cd9ce16f3757c85937e055860f1652fe4817db6d
SHA256

5dcc9208a404599d97c20ba8552c65b6419d72be3e68aa6e0cef3017e2a02c3e
SHA512

8318a8de490680a373d3c5c7165943f678ddf01bc3146c7b027d14c3731f88a4562e2ef70d3804bf256dc6c2d5a6d8b4cefda7f932add1c78e39a9cc42023f12
SSDEEP

3072:7bE9PiVV5QBW4Iy3/W+NNbaf+yiUe7XS+tXO:7bsPSV5h4IyPWy5UgXS0X

Score

10^/10

healer discovery dropper evasion trojan

Malware Config

Targets

- Target
  
  5dcc9208a404599d97c20ba8552c65b6419d72be3e68aa6e0cef3017e2a02c3eN
- Size
  
  157KB
- MD5
  
  7e0319ba171f044e486ed0a3597b4620
- SHA1
  
  cd9ce16f3757c85937e055860f1652fe4817db6d
- SHA256
  
  5dcc9208a404599d97c20ba8552c65b6419d72be3e68aa6e0cef3017e2a02c3e
- SHA512
  
  8318a8de490680a373d3c5c7165943f678ddf01bc3146c7b027d14c3731f88a4562e2ef70d3804bf256dc6c2d5a6d8b4cefda7f932add1c78e39a9cc42023f12
- SSDEEP
  
  3072:7bE9PiVV5QBW4Iy3/W+NNbaf+yiUe7XS+tXO:7bsPSV5h4IyPWy5UgXS0X
Score

10^/10

healer discovery dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdiscoverydropperevasiontrojan

behavioral2

healerdiscoverydropperevasiontrojan