healer | 1c89a39eabddce23205bfc64094ee35a4dac9d5d47129ff3c6b6f70e615a0134 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c89a39eabddce23205bfc64094ee35a4dac9d5d47129ff3c6b6f70e615a0134
Size

929KB
Sample

230830-ce7sfshb82
MD5

c87e0f3048cc846a7bd79f6ab9b93e49
SHA1

d596b60224a099f1059799c03c3b95032b2d5cbf
SHA256

1c89a39eabddce23205bfc64094ee35a4dac9d5d47129ff3c6b6f70e615a0134
SHA512

29d981dc90451f00ac7a0c06523334e5e3fd05f6109f649ceada308e2ae0e63ad71dd38c16827e780e6b30b5774519654094fbff3bb4da2a21995ae31799f18c
SSDEEP

12288:jMrIy90Z2EVbOPSPUqsnG9hSErL2Z+ytcEcVTCGx8s6JRL4mwfbmb:XycSPSmGDSML2EyGnpD8sw/wTmb

Score

10^/10

healer redline sruta dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

sruta

C2

77.91.124.82:19071

Attributes

auth_value
c556edcd49703319eca74247de20c236

Targets

- Target
  
  1c89a39eabddce23205bfc64094ee35a4dac9d5d47129ff3c6b6f70e615a0134
- Size
  
  929KB
- MD5
  
  c87e0f3048cc846a7bd79f6ab9b93e49
- SHA1
  
  d596b60224a099f1059799c03c3b95032b2d5cbf
- SHA256
  
  1c89a39eabddce23205bfc64094ee35a4dac9d5d47129ff3c6b6f70e615a0134
- SHA512
  
  29d981dc90451f00ac7a0c06523334e5e3fd05f6109f649ceada308e2ae0e63ad71dd38c16827e780e6b30b5774519654094fbff3bb4da2a21995ae31799f18c
- SSDEEP
  
  12288:jMrIy90Z2EVbOPSPUqsnG9hSErL2Z+ytcEcVTCGx8s6JRL4mwfbmb:XycSPSmGDSML2EyGnpD8sw/wTmb
Score

10^/10

healer redline sruta dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinesrutadropperevasioninfostealerpersistencetrojan