healer | 6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd | Triage

Sharing

General

Target

6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd
Size

839KB
Sample

230821-p29lsach36
MD5

90ce9339b86b2041a6805e4b37f5bf00
SHA1

937696856fd132128b2130b40581515b198e0c1a
SHA256

6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd
SHA512

74f27d7b094d264e37451f11c31067cf30ddffcb3811acd394347bc007b540ac3dbaf78775f2c47c7abdf97bea8cf1d4c9d29dfac7c318a8058460466e9416e1
SSDEEP

12288:LMrLy90Y3XTzeTBewCe9z6FQWQZO6lRxlRBom++sv+Oqe5cxvWr+zGq0mho7hQz0:gyVvbeAFKI6LDBQAOr+zGq0n7i0

Score

10^/10

healer redline lang dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

lang

C2

77.91.124.73:19071

Attributes

auth_value
92c0fc2b7a8b3fc5a01baa1abf31c42a

Targets

- Target
  
  6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd
- Size
  
  839KB
- MD5
  
  90ce9339b86b2041a6805e4b37f5bf00
- SHA1
  
  937696856fd132128b2130b40581515b198e0c1a
- SHA256
  
  6b4f70dd378951fab795d2db5f9e7dcc8b0ab0f0603cb0926b7fea8f15c5e3fd
- SHA512
  
  74f27d7b094d264e37451f11c31067cf30ddffcb3811acd394347bc007b540ac3dbaf78775f2c47c7abdf97bea8cf1d4c9d29dfac7c318a8058460466e9416e1
- SSDEEP
  
  12288:LMrLy90Y3XTzeTBewCe9z6FQWQZO6lRxlRBom++sv+Oqe5cxvWr+zGq0mho7hQz0:gyVvbeAFKI6LDBQAOr+zGq0n7i0
Score

10^/10

healer redline lang dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinelangdropperevasioninfostealerpersistencetrojan