healer

General

Target

c30d6278694817d3cc99f6ff5265da74.exe
Size

1.5MB
Sample

230710-ytt1ssed4s
MD5

c30d6278694817d3cc99f6ff5265da74
SHA1

350567243f65ea38c3bcbc24fc93272e4e46217b
SHA256

9c63b1ba6018935ad5e5fbb92f79d2bbd6eeb9ee0520ed5cbe7b9e1213eb33a6
SHA512

3963175ae52c90b743dbcc1b38220ab2abcc10916558053c1a6f13ac52ca426aec2394ddf5220f482c48ad9e08955704b4764289c26f50a45ee648297b5b4a89
SSDEEP

24576:cy51XtT3ttYzCJsw66AMLRzIdYiQceweiSKE70EpUSn6qY0I+mUNNqU:LHXdttB0uJKjQTkE73pBDY0I+JNg

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

masha

C2

77.91.68.48:19071

Attributes

auth_value
55b9b39a0dae383196a4b8d79e5bb805

Targets

- Target
  
  c30d6278694817d3cc99f6ff5265da74.exe
- Size
  
  1.5MB
- MD5
  
  c30d6278694817d3cc99f6ff5265da74
- SHA1
  
  350567243f65ea38c3bcbc24fc93272e4e46217b
- SHA256
  
  9c63b1ba6018935ad5e5fbb92f79d2bbd6eeb9ee0520ed5cbe7b9e1213eb33a6
- SHA512
  
  3963175ae52c90b743dbcc1b38220ab2abcc10916558053c1a6f13ac52ca426aec2394ddf5220f482c48ad9e08955704b4764289c26f50a45ee648297b5b4a89
- SSDEEP
  
  24576:cy51XtT3ttYzCJsw66AMLRzIdYiQceweiSKE70EpUSn6qY0I+mUNNqU:LHXdttB0uJKjQTkE73pBDY0I+JNg
Score

10^/10

persistence healer redline masha dropper evasion infostealer trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Healer an antivirus disabler dropper

Modifies Windows Defender Real-time Protection settings

RedLine

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2