healer | 27b98896d5792c0068da5256ac4dada2b4a3068d1bd372e4e422999500b83121 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27b98896d5792c0068da5256ac4dada2b4a3068d1bd372e4e422999500b83121
Size

839KB
Sample

230822-mcph7sbf59
MD5

f0c5988716fe57954345323c9e762d09
SHA1

a9217528e91eda2ef8e05294573223b0116d8603
SHA256

27b98896d5792c0068da5256ac4dada2b4a3068d1bd372e4e422999500b83121
SHA512

3add9623dc06ad9ae3758d2786f7fa68e9ae7a0b50e6126a1a606ee8a67d7aac0f20323f544b80294b4c364926a5e42ec3ccc2774d8a0119f7c29241176361e2
SSDEEP

12288:9Mr2y90FhgeuttAbjlbJMG9TAIQn/Gs6PgueRKwXUgy1MXpSypioH/H8PMaRk:7yiqLttIbmG9AZgP7WbXxXvpJ0Pty

Score

10^/10

healer redline piter dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

piter

C2

77.91.124.73:19071

Attributes

auth_value
7f92ff466423bb35edbfbc22f78b0bb9

Targets

- Target
  
  27b98896d5792c0068da5256ac4dada2b4a3068d1bd372e4e422999500b83121
- Size
  
  839KB
- MD5
  
  f0c5988716fe57954345323c9e762d09
- SHA1
  
  a9217528e91eda2ef8e05294573223b0116d8603
- SHA256
  
  27b98896d5792c0068da5256ac4dada2b4a3068d1bd372e4e422999500b83121
- SHA512
  
  3add9623dc06ad9ae3758d2786f7fa68e9ae7a0b50e6126a1a606ee8a67d7aac0f20323f544b80294b4c364926a5e42ec3ccc2774d8a0119f7c29241176361e2
- SSDEEP
  
  12288:9Mr2y90FhgeuttAbjlbJMG9TAIQn/Gs6PgueRKwXUgy1MXpSypioH/H8PMaRk:7yiqLttIbmG9AZgP7WbXxXvpJ0Pty
Score

10^/10

healer redline piter dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinepiterdropperevasioninfostealerpersistencetrojan