healer | bde92e696d3184b5f4b7a35200dcb08ae4e97db9337f51dd88219349ff86adeb | Triage

Sharing

General

Target

bde92e696d3184b5f4b7a35200dcb08ae4e97db9337f51dd88219349ff86adeb
Size

828KB
Sample

230822-3eepsahf2t
MD5

8b5019f7eeb01c17088e92b98b5e953c
SHA1

d64e1762cec1af4d2d39155725707479077531af
SHA256

bde92e696d3184b5f4b7a35200dcb08ae4e97db9337f51dd88219349ff86adeb
SHA512

9bd607c4612f0d70b1e94484a7a9f8eb39e19d10b88d19079c1bdd5a2c1b34dfde9b959054ab80f521dbde04325857ceda7859f462d027565fc43b93493084dc
SSDEEP

12288:GMrwy90FCcA+hql0H9mkDvSyqiptHNm8XLNFzj4eICgMeHKWgnP6ZsBY1qBpsf:ay0CcvMGkkrSyfnIu5KeIC7HWgycq

Score

10^/10

healer redline rota dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

rota

C2

77.91.124.73:19071

Attributes

auth_value
320c7daa59eb9b82e20a15162392a756

Targets

- Target
  
  bde92e696d3184b5f4b7a35200dcb08ae4e97db9337f51dd88219349ff86adeb
- Size
  
  828KB
- MD5
  
  8b5019f7eeb01c17088e92b98b5e953c
- SHA1
  
  d64e1762cec1af4d2d39155725707479077531af
- SHA256
  
  bde92e696d3184b5f4b7a35200dcb08ae4e97db9337f51dd88219349ff86adeb
- SHA512
  
  9bd607c4612f0d70b1e94484a7a9f8eb39e19d10b88d19079c1bdd5a2c1b34dfde9b959054ab80f521dbde04325857ceda7859f462d027565fc43b93493084dc
- SSDEEP
  
  12288:GMrwy90FCcA+hql0H9mkDvSyqiptHNm8XLNFzj4eICgMeHKWgnP6ZsBY1qBpsf:ay0CcvMGkkrSyfnIu5KeIC7HWgycq
Score

10^/10

healer redline rota dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinerotadropperevasioninfostealerpersistencetrojan