healer | df298de3a413061c479b66a5219302fe0da0b11a2c3a90e521b68f67219b0571 | Triage

Sharing

General

Target

df298de3a413061c479b66a5219302fe0da0b11a2c3a90e521b68f67219b0571
Size

838KB
Sample

230821-xcw86aha4y
MD5

2e88ed1b1b88eaa7f44cf2f29930d130
SHA1

548d56fd197f8fccf4ba981ad05ee9695a5c0da2
SHA256

df298de3a413061c479b66a5219302fe0da0b11a2c3a90e521b68f67219b0571
SHA512

7bf9cf794e9edad4ce1eff1c8c17327b87cc923629b15961850c64cb8a33ac48b4183a0bff8d59688bb3722875151e765fe7ca50d342e99425608078714c432e
SSDEEP

12288:tMrdy9050kSlvF2P4BiHYoZNkvb4uSQyiWtsozDnDblaXcb9bkbO+Srca:gyi0JA4Bi44kcuSpsoPV4+9ca

Score

10^/10

healer redline lang dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

lang

C2

77.91.124.73:19071

Attributes

auth_value
92c0fc2b7a8b3fc5a01baa1abf31c42a

Targets

- Target
  
  df298de3a413061c479b66a5219302fe0da0b11a2c3a90e521b68f67219b0571
- Size
  
  838KB
- MD5
  
  2e88ed1b1b88eaa7f44cf2f29930d130
- SHA1
  
  548d56fd197f8fccf4ba981ad05ee9695a5c0da2
- SHA256
  
  df298de3a413061c479b66a5219302fe0da0b11a2c3a90e521b68f67219b0571
- SHA512
  
  7bf9cf794e9edad4ce1eff1c8c17327b87cc923629b15961850c64cb8a33ac48b4183a0bff8d59688bb3722875151e765fe7ca50d342e99425608078714c432e
- SSDEEP
  
  12288:tMrdy9050kSlvF2P4BiHYoZNkvb4uSQyiWtsozDnDblaXcb9bkbO+Srca:gyi0JA4Bi44kcuSpsoPV4+9ca
Score

10^/10

healer redline lang dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinelangdropperevasioninfostealerpersistencetrojan