healer | 3da3b9fecfd796696af6c55cfca29f53dca97e82dca92edbe0765ebd0b323af6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

JC_3da3b9fecfd796696af6c55cfca29f53dca97e82dca92edbe0765ebd0b323af6
Size

826KB
Sample

230902-m4d7jscb3x
MD5

96b102cbcdb4b02dc90abfcd2ca8bff0
SHA1

b93247214ecd0e4b77aec20258bf5d6933bd4cb7
SHA256

3da3b9fecfd796696af6c55cfca29f53dca97e82dca92edbe0765ebd0b323af6
SHA512

f0bad607a3d23c6e2c7ce0b98a87d6283a85afb07174100de098d041075a37b37bd762635015e7ba3701cee3afe923d5379ac4c03785c28bd5d8494be33652a8
SSDEEP

12288:XMrjy90cgzzWmqrKPoWwGUn4L3YhrICgobqu2efwb4I4d5pqilj6lV6rCS4+dCx0:sygWDWw+L3jHiqu2dMINip8bSix+P

Score

10^/10

healer redline bobik dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

bobik

C2

77.91.124.82:19071

Attributes

auth_value
d639522ae3c9dda998264d691a19eb33

Targets

- Target
  
  JC_3da3b9fecfd796696af6c55cfca29f53dca97e82dca92edbe0765ebd0b323af6
- Size
  
  826KB
- MD5
  
  96b102cbcdb4b02dc90abfcd2ca8bff0
- SHA1
  
  b93247214ecd0e4b77aec20258bf5d6933bd4cb7
- SHA256
  
  3da3b9fecfd796696af6c55cfca29f53dca97e82dca92edbe0765ebd0b323af6
- SHA512
  
  f0bad607a3d23c6e2c7ce0b98a87d6283a85afb07174100de098d041075a37b37bd762635015e7ba3701cee3afe923d5379ac4c03785c28bd5d8494be33652a8
- SSDEEP
  
  12288:XMrjy90cgzzWmqrKPoWwGUn4L3YhrICgobqu2efwb4I4d5pqilj6lV6rCS4+dCx0:sygWDWw+L3jHiqu2dMINip8bSix+P
Score

10^/10

healer redline bobik dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinebobikdropperevasioninfostealerpersistencetrojan

behavioral2

healerredlinebobikdropperevasioninfostealerpersistencetrojan