healer | 2b61fdecfb0f5f09b899aeaacd5dc58c4f153e96b2dda2644e15701d99f05599 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b61fdecfb0f5f09b899aeaacd5dc58c4f153e96b2dda2644e15701d99f05599
Size

389KB
Sample

230721-hmygmscd58
MD5

2a019efbbc033a0a95adab8c7a61fc9d
SHA1

d650ae0415bf8b230c19daa5d2db8983e1be3b1d
SHA256

2b61fdecfb0f5f09b899aeaacd5dc58c4f153e96b2dda2644e15701d99f05599
SHA512

48600647500be60aef9fc7a318e544e71a232aa95f06b4a4fc80eee0685e9f9e0571a11ca5fbdfa3bea44477b4d6a9333d1d2539ffc1dcebd54581a1f464aa84
SSDEEP

6144:KWy+bnr+Vp0yN90QEoKtyai/60TGz5V0Q2ozoXIZ9GExSmFkbycW6jZlqrd:iMr1y90iKSNazX9JoXIZvSmlm4rd

Score

10^/10

healer redline nasa dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

nasa

C2

77.91.68.68:19071

Attributes

auth_value
6da71218d8a9738ea3a9a78b5677589b

Targets

- Target
  
  2b61fdecfb0f5f09b899aeaacd5dc58c4f153e96b2dda2644e15701d99f05599
- Size
  
  389KB
- MD5
  
  2a019efbbc033a0a95adab8c7a61fc9d
- SHA1
  
  d650ae0415bf8b230c19daa5d2db8983e1be3b1d
- SHA256
  
  2b61fdecfb0f5f09b899aeaacd5dc58c4f153e96b2dda2644e15701d99f05599
- SHA512
  
  48600647500be60aef9fc7a318e544e71a232aa95f06b4a4fc80eee0685e9f9e0571a11ca5fbdfa3bea44477b4d6a9333d1d2539ffc1dcebd54581a1f464aa84
- SSDEEP
  
  6144:KWy+bnr+Vp0yN90QEoKtyai/60TGz5V0Q2ozoXIZ9GExSmFkbycW6jZlqrd:iMr1y90iKSNazX9JoXIZvSmlm4rd
Score

10^/10

healer redline nasa dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinenasadropperevasioninfostealerpersistencetrojan