healer | edba733bfa922850343cbd205693816138a041ed09b7f48f48b7ef91654b2c84 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

839KB
Sample

230821-spnqbsdf42
MD5

20fb86b2d885cf842104013d1110bc21
SHA1

58746f17b7f31b68baf20499b56064080d760c0d
SHA256

edba733bfa922850343cbd205693816138a041ed09b7f48f48b7ef91654b2c84
SHA512

b549e500d70d088775690e1bc6c411db8e1e3e75a081cc4e17fadb4e1f3e6484ea2f5e80d701425d842ff4b22fec368a068e57e25b681d0c692e1ccc47e1ac21
SSDEEP

24576:Wy4ZL7HTWkMdbitEHjGlduoOhqxbduSgmX:lIL7HqkMNitoGShqd8

Score

10^/10

healer redline lang dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

lang

C2

77.91.124.73:19071

Attributes

auth_value
92c0fc2b7a8b3fc5a01baa1abf31c42a

Targets

- Target
  
  tmp
- Size
  
  839KB
- MD5
  
  20fb86b2d885cf842104013d1110bc21
- SHA1
  
  58746f17b7f31b68baf20499b56064080d760c0d
- SHA256
  
  edba733bfa922850343cbd205693816138a041ed09b7f48f48b7ef91654b2c84
- SHA512
  
  b549e500d70d088775690e1bc6c411db8e1e3e75a081cc4e17fadb4e1f3e6484ea2f5e80d701425d842ff4b22fec368a068e57e25b681d0c692e1ccc47e1ac21
- SSDEEP
  
  24576:Wy4ZL7HTWkMdbitEHjGlduoOhqxbduSgmX:lIL7HqkMNitoGShqd8
Score

10^/10

healer redline lang dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinelangdropperevasioninfostealerpersistencetrojan

behavioral2

healerredlinelangdropperevasioninfostealerpersistencetrojan