healer | 242f31c4cbeaf4fe905815364fc095cdc886aa10c0be9ab918a91457e8de8170 | Triage

Sharing

General

Target

242f31c4cbeaf4fe905815364fc095cdc886aa10c0be9ab918a91457e8de8170
Size

166KB
Sample

241121-zcwnqsxlet
MD5

05740b3c1a2bd9913889d56c6c05d151
SHA1

324178596192bd56b5bb817c83115205824227cb
SHA256

242f31c4cbeaf4fe905815364fc095cdc886aa10c0be9ab918a91457e8de8170
SHA512

7af7fac05c4f330520b09fa213da9d23782723d6d5d558ce7ddc5fc11c8ff36931154a05ec3f30146cf9979af0923de446d5eb8cd4434381c09484a89da39778
SSDEEP

3072:yWpJZrSoCyIGCH/G+3jYu4yUuvd6sOx5ITx:5tSohCf33jYVuvdQ

Score

10^/10

healer discovery dropper evasion trojan

Malware Config

Targets

- Target
  
  242f31c4cbeaf4fe905815364fc095cdc886aa10c0be9ab918a91457e8de8170
- Size
  
  166KB
- MD5
  
  05740b3c1a2bd9913889d56c6c05d151
- SHA1
  
  324178596192bd56b5bb817c83115205824227cb
- SHA256
  
  242f31c4cbeaf4fe905815364fc095cdc886aa10c0be9ab918a91457e8de8170
- SHA512
  
  7af7fac05c4f330520b09fa213da9d23782723d6d5d558ce7ddc5fc11c8ff36931154a05ec3f30146cf9979af0923de446d5eb8cd4434381c09484a89da39778
- SSDEEP
  
  3072:yWpJZrSoCyIGCH/G+3jYu4yUuvd6sOx5ITx:5tSohCf33jYVuvdQ
Score

10^/10

healer discovery dropper evasion trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdiscoverydropperevasiontrojan

behavioral2

healerdiscoverydropperevasiontrojan