healer | c22b6ac1147733913380ba7c0f23d9e8802bb8f91b681e416aa5c5a0f942d105 | Triage

Sharing

General

Target

x8002878.exe
Size

326KB
Sample

230919-hnbdhahd95
MD5

d450a74effe247298e76be251e9d20b6
SHA1

2ec5fbbbd9ea9125beb84d456fac275f9dc42adc
SHA256

c22b6ac1147733913380ba7c0f23d9e8802bb8f91b681e416aa5c5a0f942d105
SHA512

1d4d264d1e20603a5d9dccac06c5055b5ec2555f3d6d390b4bd066a45ff23ede0ea15df9eec5154ac3601c7f28537b4096d703ea294295973e99fbf2b149d678
SSDEEP

6144:K1y+bnr+Fp0yN90QEmnL5C8HqZiuNf0OSbCAVmEDus9CFst:HMr5y90A5OZiuN7oVcsGst

Score

10^/10

healer redline black dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

black

C2

77.91.124.82:19071

Attributes

auth_value
c5887216cebc5a219113738140bc3047

Targets

- Target
  
  x8002878.exe
- Size
  
  326KB
- MD5
  
  d450a74effe247298e76be251e9d20b6
- SHA1
  
  2ec5fbbbd9ea9125beb84d456fac275f9dc42adc
- SHA256
  
  c22b6ac1147733913380ba7c0f23d9e8802bb8f91b681e416aa5c5a0f942d105
- SHA512
  
  1d4d264d1e20603a5d9dccac06c5055b5ec2555f3d6d390b4bd066a45ff23ede0ea15df9eec5154ac3601c7f28537b4096d703ea294295973e99fbf2b149d678
- SSDEEP
  
  6144:K1y+bnr+Fp0yN90QEmnL5C8HqZiuNf0OSbCAVmEDus9CFst:HMr5y90A5OZiuN7oVcsGst
Score

10^/10

healer redline black dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlineblackdropperevasioninfostealerpersistencetrojan

behavioral2

healerredlineblackdropperevasioninfostealerpersistencetrojan