healer | 7e420dfd5377fc7cf6823892af55e7a3a061aac8b7a6d4c4d89550b64775cea2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7e420dfd5377fc7cf6823892af55e7a3a061aac8b7a6d4c4d89550b64775cea2
Size

929KB
Sample

230822-2pw65shc6z
MD5

ec03a91dd720ed039081d38588e0e220
SHA1

48fb640e7a5e74239267ca30f6428eab5f5c9f14
SHA256

7e420dfd5377fc7cf6823892af55e7a3a061aac8b7a6d4c4d89550b64775cea2
SHA512

f84c1c92d4312c6d4a6f158fb919d0e38d5f2d1f4b1600746cf2036f4a4f89e3372c65d4155dccc903890c7c6b09c0ddf92b943bccf19884016b2a23af2559e2
SSDEEP

12288:lMrKy90T6P4TTYvQGFaxzO3b42tMBpfeDlzX0V94N8KIijgr630+cWfdaGzuewUy:bygk5IGuzobHtTaV91Ogrw0t5NFft

Score

10^/10

healer redline rota dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

rota

C2

77.91.124.73:19071

Attributes

auth_value
320c7daa59eb9b82e20a15162392a756

Targets

- Target
  
  7e420dfd5377fc7cf6823892af55e7a3a061aac8b7a6d4c4d89550b64775cea2
- Size
  
  929KB
- MD5
  
  ec03a91dd720ed039081d38588e0e220
- SHA1
  
  48fb640e7a5e74239267ca30f6428eab5f5c9f14
- SHA256
  
  7e420dfd5377fc7cf6823892af55e7a3a061aac8b7a6d4c4d89550b64775cea2
- SHA512
  
  f84c1c92d4312c6d4a6f158fb919d0e38d5f2d1f4b1600746cf2036f4a4f89e3372c65d4155dccc903890c7c6b09c0ddf92b943bccf19884016b2a23af2559e2
- SSDEEP
  
  12288:lMrKy90T6P4TTYvQGFaxzO3b42tMBpfeDlzX0V94N8KIijgr630+cWfdaGzuewUy:bygk5IGuzobHtTaV91Ogrw0t5NFft
Score

10^/10

healer redline rota dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinerotadropperevasioninfostealerpersistencetrojan