healer | 106fdcfe63ae6262c55ad7b8e5d4dcd088631a26da1816f8de9ddca0ac8b0f4c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

JC_106fdcfe63ae6262c55ad7b8e5d4dcd088631a26da1816f8de9ddca0ac8b0f4c
Size

828KB
Sample

230902-mleelacc35
MD5

2f72b8eccee53ced23a8f1a0afc71f87
SHA1

514562e63f5cae45235355bca41f77da421ed4f8
SHA256

106fdcfe63ae6262c55ad7b8e5d4dcd088631a26da1816f8de9ddca0ac8b0f4c
SHA512

02d614c0da5441234d6b64dcc237038cfe83e20bd98de83b4f907725536e301edf4ad2c7935ed4d334004e396366c3bd8a6df32da966bf7c993fa199f683bd34
SSDEEP

24576:pyX3667gaftfDco68snYhd6t9/cbjD1NA9g:cX7galf4oW9/cTQ

Score

10^/10

healer redline domka dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

domka

C2

77.91.124.82:19071

Attributes

auth_value
74e19436acac85e44d691aebcc617529

Targets

- Target
  
  JC_106fdcfe63ae6262c55ad7b8e5d4dcd088631a26da1816f8de9ddca0ac8b0f4c
- Size
  
  828KB
- MD5
  
  2f72b8eccee53ced23a8f1a0afc71f87
- SHA1
  
  514562e63f5cae45235355bca41f77da421ed4f8
- SHA256
  
  106fdcfe63ae6262c55ad7b8e5d4dcd088631a26da1816f8de9ddca0ac8b0f4c
- SHA512
  
  02d614c0da5441234d6b64dcc237038cfe83e20bd98de83b4f907725536e301edf4ad2c7935ed4d334004e396366c3bd8a6df32da966bf7c993fa199f683bd34
- SSDEEP
  
  24576:pyX3667gaftfDco68snYhd6t9/cbjD1NA9g:cX7galf4oW9/cTQ
Score

10^/10

healer redline domka dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinedomkadropperevasioninfostealerpersistencetrojan

behavioral2

healerredlinedomkadropperevasioninfostealerpersistencetrojan