healer

General

Target

5fbd4a4ce62d41a918ceee70d.exe
Size

783KB
Sample

230708-t24sragd8s
MD5

5fbd4a4ce62d41a918ceee70d657e32c
SHA1

eb167931981fc0bdb8700449e7ad12ae7d6840ce
SHA256

9e1599ff2a5b41029e3699dbafddb9a58418a7a2ac1bd7fd5b4d153f35bfa30e
SHA512

a00dbc5803593edc8f2aef3ea93a895043c84de855d56917fba01d754191d43ec14a3c6ce6b22a17c628b4e21b20d1aa423bffb17fc39017f93907a683b99abf
SSDEEP

24576:d26dmvV82g96NMv/16Zbb6uNGJoCi2Oer+39Y5Dp:c6YCP6m3ASu0JoEosDp

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.68.70:19073

Attributes

auth_value
1514e6c0ec3d10a36f68f61b206f5759

Targets

- Target
  
  5fbd4a4ce62d41a918ceee70d.exe
- Size
  
  783KB
- MD5
  
  5fbd4a4ce62d41a918ceee70d657e32c
- SHA1
  
  eb167931981fc0bdb8700449e7ad12ae7d6840ce
- SHA256
  
  9e1599ff2a5b41029e3699dbafddb9a58418a7a2ac1bd7fd5b4d153f35bfa30e
- SHA512
  
  a00dbc5803593edc8f2aef3ea93a895043c84de855d56917fba01d754191d43ec14a3c6ce6b22a17c628b4e21b20d1aa423bffb17fc39017f93907a683b99abf
- SSDEEP
  
  24576:d26dmvV82g96NMv/16Zbb6uNGJoCi2Oer+39Y5Dp:c6YCP6m3ASu0JoEosDp
Score

10^/10

healer redline norm dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Healer an antivirus disabler dropper

Modifies Windows Defender Real-time Protection settings

RedLine

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2