healer | 97e220c2c48fe6321fd8b7507b2c2508106a7137691c7224f020d6fd99df6f00 | Triage

Sharing

General

Target

97e220c2c48fe6321fd8b7507b2c2508106a7137691c7224f020d6fd99df6f00
Size

929KB
Sample

230823-shlbmada73
MD5

5078ac99d7507eb4473849beafb88198
SHA1

926320d9d26cc34da0726351afd595e0b5587483
SHA256

97e220c2c48fe6321fd8b7507b2c2508106a7137691c7224f020d6fd99df6f00
SHA512

c4d5f2df89dfd0e1843c71429b85169f87a79691ef6510df89c7c4c082fa6d8886a5ca7e69e1ffaa227796b0018a1096c9168892058bd90dc38521cb2774387f
SSDEEP

24576:eymS4N2PzzSAkndiDJ85MvCf/hgbMIkNBL4B9GMA:tmyXQdimqaFjNZi8

Score

10^/10

healer redline gogi dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

gogi

C2

77.91.124.73:19071

Attributes

auth_value
c7dbabcf1eff128a595c7532cb5489a8

Targets

- Target
  
  97e220c2c48fe6321fd8b7507b2c2508106a7137691c7224f020d6fd99df6f00
- Size
  
  929KB
- MD5
  
  5078ac99d7507eb4473849beafb88198
- SHA1
  
  926320d9d26cc34da0726351afd595e0b5587483
- SHA256
  
  97e220c2c48fe6321fd8b7507b2c2508106a7137691c7224f020d6fd99df6f00
- SHA512
  
  c4d5f2df89dfd0e1843c71429b85169f87a79691ef6510df89c7c4c082fa6d8886a5ca7e69e1ffaa227796b0018a1096c9168892058bd90dc38521cb2774387f
- SSDEEP
  
  24576:eymS4N2PzzSAkndiDJ85MvCf/hgbMIkNBL4B9GMA:tmyXQdimqaFjNZi8
Score

10^/10

healer redline gogi dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinegogidropperevasioninfostealerpersistencetrojan