healer | 5de39817d48c418c7e85b05c286dfe0d2270d190a78e9307b53305b102b28461 | Triage

Sharing

General

Target

9451cabb6a19f7a4610bc7abc27feddb_JC.bin
Size

785KB
Sample

230902-nzw28sch57
MD5

651be54605125ad5cbae4c7069482b64
SHA1

16224af2f0a67f06c7ef3d1202cbe51163d64610
SHA256

5de39817d48c418c7e85b05c286dfe0d2270d190a78e9307b53305b102b28461
SHA512

a9d6e73300bb3e8c75c15e2b7ce56e226188f97299adb24d035c10c9ad55afa5dcf95de8a81395e9542a9f9b3f996f5271efaf929ab29d949674c1bcb2f9f506
SSDEEP

24576:i+W+UT/wa9xNsAQ5PRct8lBGwu6O0dOLV:it/wK+rhZO0cV

Score

10^/10

healer redline sruta dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

sruta

C2

77.91.124.82:19071

Attributes

auth_value
c556edcd49703319eca74247de20c236

Targets

- Target
  
  a4ee2cfc1cbd9e298141bbfde343af98dd6f8ef9f72edae72e40689f894d76a8.exe
- Size
  
  828KB
- MD5
  
  9451cabb6a19f7a4610bc7abc27feddb
- SHA1
  
  fa064a2352b283669be8a781a7059d8005d22b79
- SHA256
  
  a4ee2cfc1cbd9e298141bbfde343af98dd6f8ef9f72edae72e40689f894d76a8
- SHA512
  
  11d9c87bf9021ff09baf3fd54714d87cc6c3557742d8dc5f47d36af25ee53b8c607642cb18636227fbebe812ed45ecac42d09d2c6e0b67df0e323ded19afa499
- SSDEEP
  
  12288:nMrAy90jey2SiHFSumTGMYjvPJMIop5Nh+WKJlWUCucfRF583SYTYKcqst2c6A:nyRN5XeEjZMFXh+WKoxLfRL8CDqa56A
Score

10^/10

healer redline sruta dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinesrutadropperevasioninfostealerpersistencetrojan

behavioral2

healerredlinesrutadropperevasioninfostealerpersistencetrojan