healer

General

Target

606fbe646ebb4df5c3f5b54e46c0fdf1.bin
Size

1.5MB
Sample

230712-bt52qsce9t
MD5

d6a8cefe400c325578565e03c1eda80c
SHA1

60922c283dd80343afb1abfe5965577be56c9641
SHA256

b2d64f00ce057270be092cbe7908eb7dcf8953fb2f1c5c081056b8f239d7c7e5
SHA512

c4743951ea03d26477513d8cae778ef7050042eb924b8ec4328f98859a0b0d68c6af5dc88b1be2c55e2f26efca693d5768a4471f9f67c82628e6a023276a752a
SSDEEP

24576:zlWggJGR7YD8zKbHrCJUCLPiswOkmv1Lfk6vZLGUkIZ2/OhoksaU/Gz1FVJsm9OP:ZWg4NbeJUiHH9Lfk6x/2mZU/Gz1jJN90

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

masha

C2

77.91.68.48:19071

Attributes

auth_value
55b9b39a0dae383196a4b8d79e5bb805

Targets

- Target
  
  edcd11e45efed930a5a9563c77aa25c91d52061edd71739f3b01b63568f9d706.exe
- Size
  
  1.5MB
- MD5
  
  606fbe646ebb4df5c3f5b54e46c0fdf1
- SHA1
  
  8ff94dd2d2164452af6a4b3dcc070b3d83df1a08
- SHA256
  
  edcd11e45efed930a5a9563c77aa25c91d52061edd71739f3b01b63568f9d706
- SHA512
  
  a3d7c5481f3f5cf1a239b6c448a608868faec6801b098f4d5c922cbbd544b7b7e1751922f9ed2b395d33983886a60e4793cd1a0db507664fa00ec99182153379
- SSDEEP
  
  49152:7ir0XAypplkMlIMLZ3RqJfPoH3SRm0QIrbQX:G0XAyJEMLZI4H3ADf
Score

10^/10

healer redline masha dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Healer an antivirus disabler dropper

Modifies Windows Defender Real-time Protection settings

RedLine

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2