healer | 21931e9b46dc5a9929cf82f9f851203882eac493f7dc33429e1c40cb1b75305b | Triage

Sharing

General

Target

21931e9b46dc5a9929cf82f9f851203882eac493f7dc33429e1c40cb1b75305b
Size

829KB
Sample

230902-h1jweabf52
MD5

57db2ae32f4f19b342c42f145da41fe9
SHA1

827e839cdbda5d4ad5ddf125616853cd3c84d516
SHA256

21931e9b46dc5a9929cf82f9f851203882eac493f7dc33429e1c40cb1b75305b
SHA512

b2bde8152a54c4dd5fb337fc8653d4ddda16beb5fc74688c81d16c3c14009a493d5159265c106e5249e8d8061b6e8947b0977f9fd0e71db257d54dd52d18e3c3
SSDEEP

12288:cMr7y90mXuvntJ0i4oRtKqeTLwMGJ0+msG2PUqRe1g6vEYWdJwRuz1d:fy3XuPLOoqVIM3sGEUUHdJSc1d

Score

10^/10

healer redline bobik dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

bobik

C2

77.91.124.82:19071

Attributes

auth_value
d639522ae3c9dda998264d691a19eb33

Targets

- Target
  
  21931e9b46dc5a9929cf82f9f851203882eac493f7dc33429e1c40cb1b75305b
- Size
  
  829KB
- MD5
  
  57db2ae32f4f19b342c42f145da41fe9
- SHA1
  
  827e839cdbda5d4ad5ddf125616853cd3c84d516
- SHA256
  
  21931e9b46dc5a9929cf82f9f851203882eac493f7dc33429e1c40cb1b75305b
- SHA512
  
  b2bde8152a54c4dd5fb337fc8653d4ddda16beb5fc74688c81d16c3c14009a493d5159265c106e5249e8d8061b6e8947b0977f9fd0e71db257d54dd52d18e3c3
- SSDEEP
  
  12288:cMr7y90mXuvntJ0i4oRtKqeTLwMGJ0+msG2PUqRe1g6vEYWdJwRuz1d:fy3XuPLOoqVIM3sGEUUHdJSc1d
Score

10^/10

healer redline bobik dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinebobikdropperevasioninfostealerpersistencetrojan