healer | c26848d5aceb986829c97ce0afa3e2f676a94ba7ab25c02748ff6a10b2daebd4 | Triage

Sharing

General

Target

c26848d5aceb986829c97ce0afa3e2f676a94ba7ab25c02748ff6a10b2daebd4
Size

921KB
Sample

230714-rmjg6afc7w
MD5

094bca0e9a62c2f95b3caccad98510ad
SHA1

393c723a186d8549b272bc5ec34c709cd3ec1141
SHA256

c26848d5aceb986829c97ce0afa3e2f676a94ba7ab25c02748ff6a10b2daebd4
SHA512

c40f11ea396127ef8dc91ba83f28b435107b5999261aa133221316705c014ceec0ff5205115a485a2ee767d6a2f2d98eab5f6b9e90a875f5287f6facf3de07c1
SSDEEP

24576:XyUJdhiNoCf6wtxescLa7c/NuKiz6eQxMmXnb9NdTvb8:iUqN/LtxeF64weeQxXnb

Score

10^/10

healer redline masha dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

masha

C2

77.91.68.48:19071

Attributes

auth_value
55b9b39a0dae383196a4b8d79e5bb805

Targets

- Target
  
  c26848d5aceb986829c97ce0afa3e2f676a94ba7ab25c02748ff6a10b2daebd4
- Size
  
  921KB
- MD5
  
  094bca0e9a62c2f95b3caccad98510ad
- SHA1
  
  393c723a186d8549b272bc5ec34c709cd3ec1141
- SHA256
  
  c26848d5aceb986829c97ce0afa3e2f676a94ba7ab25c02748ff6a10b2daebd4
- SHA512
  
  c40f11ea396127ef8dc91ba83f28b435107b5999261aa133221316705c014ceec0ff5205115a485a2ee767d6a2f2d98eab5f6b9e90a875f5287f6facf3de07c1
- SSDEEP
  
  24576:XyUJdhiNoCf6wtxescLa7c/NuKiz6eQxMmXnb9NdTvb8:iUqN/LtxeF64weeQxXnb
Score

10^/10

healer redline masha dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinemashadropperevasioninfostealerpersistencetrojan