healer | 093a61458849781533493401f3ce15aaf4710b6a55f76ed8fedc9075ec58b700 | Triage

Sharing

General

Target

093a61458849781533493401f3ce15aaf4710b6a55f76ed8fedc9075ec58b700
Size

826KB
Sample

230824-kvjdsscg6y
MD5

18405c37f6af9d0c4457645db5930eaf
SHA1

60cfd3530b05e8dec2227ef3e7ddb7749971f335
SHA256

093a61458849781533493401f3ce15aaf4710b6a55f76ed8fedc9075ec58b700
SHA512

7e2ca74cc496c473764cb3e413bf58d97166609f8cb70291885f3ef0509cd4dcc460e96086e9920adcc90454cd5b8b34bf2abed098c649586362720c49917082
SSDEEP

12288:HMr6y90ijUtjpRLIKXU1HHcDeNZSN6gotS0RkWqer12xrwa8gi4JSt4:JyojpBIKUHcDyAN6LBkR81awXK64

Score

10^/10

healer redline rwan dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

rwan

C2

77.91.124.73:19071

Attributes

auth_value
7c40eda5da4f888d6f61befbf947d9fe

Targets

- Target
  
  093a61458849781533493401f3ce15aaf4710b6a55f76ed8fedc9075ec58b700
- Size
  
  826KB
- MD5
  
  18405c37f6af9d0c4457645db5930eaf
- SHA1
  
  60cfd3530b05e8dec2227ef3e7ddb7749971f335
- SHA256
  
  093a61458849781533493401f3ce15aaf4710b6a55f76ed8fedc9075ec58b700
- SHA512
  
  7e2ca74cc496c473764cb3e413bf58d97166609f8cb70291885f3ef0509cd4dcc460e96086e9920adcc90454cd5b8b34bf2abed098c649586362720c49917082
- SSDEEP
  
  12288:HMr6y90ijUtjpRLIKXU1HHcDeNZSN6gotS0RkWqer12xrwa8gi4JSt4:JyojpBIKUHcDyAN6LBkR81awXK64
Score

10^/10

healer redline rwan dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinerwandropperevasioninfostealerpersistencetrojan