healer | f1372b1a0961a0c57fe69d716e6992ea2a6a82ef2944465f88c1a99f117de4cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f1372b1a0961a0c57fe69d716e6992ea2a6a82ef2944465f88c1a99f117de4cc
Size

1.1MB
Sample

230920-g2vtmage74
MD5

46cc4c160c07962424459a08227709c4
SHA1

0c52b072dbd5f0450a6551b77a36b3f167de8c1e
SHA256

f1372b1a0961a0c57fe69d716e6992ea2a6a82ef2944465f88c1a99f117de4cc
SHA512

112c5d63847569c70f27859d0f1f340a1ceaf2785fd99a4764d35c68c487abd4ac019ce63b6de548438c4c6bbffb3d1aa39ec64e61d73dab60f7a3be3f1d39aa
SSDEEP

24576:ayanTPzoNnJUAnIFlf10eIKWgd6OyX80xdLPPXBZPMQ8OCHJSurat:hwfK6FZ1asYOyJTLXvPMdOCpR

Score

10^/10

healer redline buben dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

buben

C2

77.91.124.82:19071

Attributes

auth_value
c62fa04aa45f5b78f62d2c21fcbefdec

Targets

- Target
  
  f1372b1a0961a0c57fe69d716e6992ea2a6a82ef2944465f88c1a99f117de4cc
- Size
  
  1.1MB
- MD5
  
  46cc4c160c07962424459a08227709c4
- SHA1
  
  0c52b072dbd5f0450a6551b77a36b3f167de8c1e
- SHA256
  
  f1372b1a0961a0c57fe69d716e6992ea2a6a82ef2944465f88c1a99f117de4cc
- SHA512
  
  112c5d63847569c70f27859d0f1f340a1ceaf2785fd99a4764d35c68c487abd4ac019ce63b6de548438c4c6bbffb3d1aa39ec64e61d73dab60f7a3be3f1d39aa
- SSDEEP
  
  24576:ayanTPzoNnJUAnIFlf10eIKWgd6OyX80xdLPPXBZPMQ8OCHJSurat:hwfK6FZ1asYOyJTLXvPMdOCpR
Score

10^/10

healer redline buben dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinebubendropperevasioninfostealerpersistencetrojan