healer | 1cfcc46aa3d0e9b0c1581d73dd119bfefe2a06f4eeee43527cffcb0b08282f9e | Triage

Sharing

General

Target

1cfcc46aa3d0e9b0c1581d73dd119bfefe2a06f4eeee43527cffcb0b08282f9e
Size

930KB
Sample

230826-nxwcxsbg2w
MD5

b2b9241d65f9d2b78ac5a6dc8c2a41be
SHA1

3517f0df77a613b3147520788a0fa5d82eef67fa
SHA256

1cfcc46aa3d0e9b0c1581d73dd119bfefe2a06f4eeee43527cffcb0b08282f9e
SHA512

c9156e2f8fcab54a9d79b1a4ef9696ed1dc89b8e210d77a872b93e130c49e5ccd2266aeb21f2e3d6632d687a286e30f6fe8ac35db8cb05db3eb107d3a578c408
SSDEEP

12288:DMrCy90AzOJvIBlayCMnBkdfkDNSCXZGEiFud5GIg+sVDokgQ8dzmtducS2jXxu9:dy3mksM+REiFudtkgkd3Dxkb

Score

10^/10

healer redline jaja dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

jaja

C2

77.91.124.73:19071

Attributes

auth_value
3670179d176ca399ed08e7914610b43c

Targets

- Target
  
  1cfcc46aa3d0e9b0c1581d73dd119bfefe2a06f4eeee43527cffcb0b08282f9e
- Size
  
  930KB
- MD5
  
  b2b9241d65f9d2b78ac5a6dc8c2a41be
- SHA1
  
  3517f0df77a613b3147520788a0fa5d82eef67fa
- SHA256
  
  1cfcc46aa3d0e9b0c1581d73dd119bfefe2a06f4eeee43527cffcb0b08282f9e
- SHA512
  
  c9156e2f8fcab54a9d79b1a4ef9696ed1dc89b8e210d77a872b93e130c49e5ccd2266aeb21f2e3d6632d687a286e30f6fe8ac35db8cb05db3eb107d3a578c408
- SSDEEP
  
  12288:DMrCy90AzOJvIBlayCMnBkdfkDNSCXZGEiFud5GIg+sVDokgQ8dzmtducS2jXxu9:dy3mksM+REiFudtkgkd3Dxkb
Score

10^/10

healer redline jaja dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinejajadropperevasioninfostealerpersistencetrojan