healer | bfa4209f155b11212df3a04b432cb8b05372281634a9e4943008392d4fea2f16 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfa4209f155b11212df3a04b432cb8b05372281634a9e4943008392d4fea2f16
Size

564KB
Sample

230817-xvrfmaec2y
MD5

1f0842d0c237e919645152f5c9db36fa
SHA1

e0eeefb9efd6b26d1310840504f582d04c8d81e8
SHA256

bfa4209f155b11212df3a04b432cb8b05372281634a9e4943008392d4fea2f16
SHA512

4b6d8bda813dc815f779c02eac41643f3110923c0e65b5a0a017ce979b7189e3fdb3ed5ac4c33970b6c58d59928a0e88792f901c805ec7d621ea1657c6b92e79
SSDEEP

12288:+Mrmy90IvpzqcMlvC5IcaXC1QWU85ZkYx5:gyvBV5TUCPv7

Score

10^/10

healer redline maga dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

maga

C2

77.91.124.54:19071

Attributes

auth_value
9dd7a0be219be9b6228dc9b4e112b812

Targets

- Target
  
  bfa4209f155b11212df3a04b432cb8b05372281634a9e4943008392d4fea2f16
- Size
  
  564KB
- MD5
  
  1f0842d0c237e919645152f5c9db36fa
- SHA1
  
  e0eeefb9efd6b26d1310840504f582d04c8d81e8
- SHA256
  
  bfa4209f155b11212df3a04b432cb8b05372281634a9e4943008392d4fea2f16
- SHA512
  
  4b6d8bda813dc815f779c02eac41643f3110923c0e65b5a0a017ce979b7189e3fdb3ed5ac4c33970b6c58d59928a0e88792f901c805ec7d621ea1657c6b92e79
- SSDEEP
  
  12288:+Mrmy90IvpzqcMlvC5IcaXC1QWU85ZkYx5:gyvBV5TUCPv7
Score

10^/10

healer redline maga dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinemagadropperevasioninfostealerpersistencetrojan