healer | 1747c4946fcda52a3b7a52cb3fed735a9dc1510a4654cee0f9dfa6ea2ecca160 | Triage

Sharing

General

Target

1747c4946fcda52a3b7a52cb3fed735a9dc1510a4654cee0f9dfa6ea2ecca160
Size

767KB
Sample

230912-mgcefaec88
MD5

d3007354f337b6ce3c06b3aed11d512b
SHA1

39a88742b5050181dd9022c4fd7e1588107e045e
SHA256

1747c4946fcda52a3b7a52cb3fed735a9dc1510a4654cee0f9dfa6ea2ecca160
SHA512

edb23d62558f564cac1fdf8e9c0fd05342a7094f737abe0ee6fbd66efecc21d69a34e77330bf084a9cccc7247588de3f805663eea6797a91a11648b036e4406b
SSDEEP

12288:mMrPy90a8xg8LjqUtELa4C0Wbg0jRuw6WDdGab3nT1ogBA1H9a:RyJ6jq4EC0KRjRVdTbyk

Score

10^/10

healer redline virad dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes

auth_value
434dd63619ca8bbf10125913fb40ca28

Targets

- Target
  
  1747c4946fcda52a3b7a52cb3fed735a9dc1510a4654cee0f9dfa6ea2ecca160
- Size
  
  767KB
- MD5
  
  d3007354f337b6ce3c06b3aed11d512b
- SHA1
  
  39a88742b5050181dd9022c4fd7e1588107e045e
- SHA256
  
  1747c4946fcda52a3b7a52cb3fed735a9dc1510a4654cee0f9dfa6ea2ecca160
- SHA512
  
  edb23d62558f564cac1fdf8e9c0fd05342a7094f737abe0ee6fbd66efecc21d69a34e77330bf084a9cccc7247588de3f805663eea6797a91a11648b036e4406b
- SSDEEP
  
  12288:mMrPy90a8xg8LjqUtELa4C0Wbg0jRuw6WDdGab3nT1ogBA1H9a:RyJ6jq4EC0KRjRVdTbyk
Score

10^/10

healer redline virad dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

healerredlineviraddropperevasioninfostealerpersistencetrojan