healer | 2791986da20cb8d11c2f436f23ff38a8746c190525d5cfb4a528d631b34da419 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x6274250.exe
Size

372KB
Sample

230817-erenjsha4w
MD5

5bdea84a4bfd47f7aa22c07ca71fce7b
SHA1

e71ddbf47ac9bc0969a0b3bd077b70024da7f4a4
SHA256

2791986da20cb8d11c2f436f23ff38a8746c190525d5cfb4a528d631b34da419
SHA512

3aba70525f3adc99b24cd38838be1be7aa275fed0dadf1a7742d76c4eeebe75d1ff9b9815b69e6ae1c4f9c4b707bf9a09fd85002ebff6ca6aa326341880d1c63
SSDEEP

6144:KQy+bnr+vp0yN90QEz0b1j8EedQ/Od7lfTMNNWRS3PR1cdNHYvGCjJ:YMrTy90d0b1j8PQo7lfTMNNRpCmvG+

Score

10^/10

healer redline dava dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

dava

C2

77.91.124.54:19071

Attributes

auth_value
3ce5222c1baaa06681dfe0012ce1de23

Targets

- Target
  
  x6274250.exe
- Size
  
  372KB
- MD5
  
  5bdea84a4bfd47f7aa22c07ca71fce7b
- SHA1
  
  e71ddbf47ac9bc0969a0b3bd077b70024da7f4a4
- SHA256
  
  2791986da20cb8d11c2f436f23ff38a8746c190525d5cfb4a528d631b34da419
- SHA512
  
  3aba70525f3adc99b24cd38838be1be7aa275fed0dadf1a7742d76c4eeebe75d1ff9b9815b69e6ae1c4f9c4b707bf9a09fd85002ebff6ca6aa326341880d1c63
- SSDEEP
  
  6144:KQy+bnr+vp0yN90QEz0b1j8EedQ/Od7lfTMNNWRS3PR1cdNHYvGCjJ:YMrTy90d0b1j8PQo7lfTMNNRpCmvG+
Score

10^/10

healer redline dava dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinedavadropperevasioninfostealerpersistencetrojan

behavioral2

healerredlinedavadropperevasioninfostealerpersistencetrojan