healer | ef0f222217f4b83988df688f49728aef5c126e35411909180a395050a04f8dde | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef0f222217f4b83988df688f49728aef5c126e35411909180a395050a04f8dde
Size

827KB
Sample

230831-eg7atacd81
MD5

221b188cd8088ae5c9b01594be8c2801
SHA1

c05e9dc7f5e1e74e0b34fa07de759b018d64a985
SHA256

ef0f222217f4b83988df688f49728aef5c126e35411909180a395050a04f8dde
SHA512

49d63a0d9d26cc07ffbec2707032cd2bd712a9f5af92b686f6c670c97e053b3977409c3a08d03aa8e37b1a2213c90daf9530d9d4ecd5095d5f1656b7cea46144
SSDEEP

24576:JyiUcIk57J5/bBZzJVP12SM2gxzcDPOzI:8i39xbBZHPxMwDPOz

Score

10^/10

healer redline sruta dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

sruta

C2

77.91.124.82:19071

Attributes

auth_value
c556edcd49703319eca74247de20c236

Targets

- Target
  
  ef0f222217f4b83988df688f49728aef5c126e35411909180a395050a04f8dde
- Size
  
  827KB
- MD5
  
  221b188cd8088ae5c9b01594be8c2801
- SHA1
  
  c05e9dc7f5e1e74e0b34fa07de759b018d64a985
- SHA256
  
  ef0f222217f4b83988df688f49728aef5c126e35411909180a395050a04f8dde
- SHA512
  
  49d63a0d9d26cc07ffbec2707032cd2bd712a9f5af92b686f6c670c97e053b3977409c3a08d03aa8e37b1a2213c90daf9530d9d4ecd5095d5f1656b7cea46144
- SSDEEP
  
  24576:JyiUcIk57J5/bBZzJVP12SM2gxzcDPOzI:8i39xbBZHPxMwDPOz
Score

10^/10

healer redline sruta dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinesrutadropperevasioninfostealerpersistencetrojan