healer | 66d026c1c5b3a34dc469a567430b98923c186eb9058b91fcd97de2c446d09018 | Triage

Submit
Reports

Overview

overview

Static

static

3

16befad06c...e9.exe

windows7-x64

16befad06c...e9.exe

windows10-2004-x64

Sharing

General

Target

16befad06cc212e8a4d3ca595d1a3b8616639d27571a06f382836bc14ae90ae9
Size

1.2MB
Sample

231011-rmyxvaee73
MD5

669209c9981459b068ca5bacce4cacab
SHA1

16547215d238027ac3e5829c13ad0798ff14c37c
SHA256

66d026c1c5b3a34dc469a567430b98923c186eb9058b91fcd97de2c446d09018
SHA512

03c0eb67a578b82d23b0069370396210c99d4a06db1b1b95badac4b9906e64914445ea1a023b4c15e03eafadfd40348429551d39ada97ddd1dfc054a6e33e672
SSDEEP

24576:E9qyMcL33UQCq+Ur5I/17skB5OmCpsO5MNIYBcfgodg6S/Ap8nFc:E9xM83qEOOk1rLv6SfFc

Score

10^/10

healer mystic redline darts kendo dropper evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

16befad06cc212e8a4d3ca595d1a3b8616639d27571a06f382836bc14ae90ae9.exe

Resource

win7-20230831-en

healer dropper evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

16befad06cc212e8a4d3ca595d1a3b8616639d27571a06f382836bc14ae90ae9.exe

Resource

win10v2004-20230915-en

healer mystic redline darts kendo dropper evasion infostealer persistence stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

darts

C2

77.91.124.82:19071

Attributes

auth_value
3c8818da7045365845f15ec0946ebf11

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes

auth_value
5a22a881561d49941415902859b51f14

Extracted

Family

mystic

C2

http://5.42.92.211/loghub/master

Targets

- Target
  
  16befad06cc212e8a4d3ca595d1a3b8616639d27571a06f382836bc14ae90ae9
- Size
  
  1.3MB
- MD5
  
  4ec3f8998035945c3e7929a373936df8
- SHA1
  
  cca1023eb6569397dcbcc5ef278236363394fc62
- SHA256
  
  16befad06cc212e8a4d3ca595d1a3b8616639d27571a06f382836bc14ae90ae9
- SHA512
  
  0e2aed9ea98f512158284d1c1e5c98b4e9bf31b6a4407ce378e68598ba5459ffe34caea2cab3c74a5d1d5f3e509928f869a9fac283041cc1452ef85098ca9fdc
- SSDEEP
  
  24576:GyPE3zUQ4++Ur5KSn7gKB5qsQzVtF5UNIOSLVMES7Ap8XQ:V2zwgJsKiEleZSb
Score

10^/10

healer dropper evasion persistence trojan mystic redline darts kendo infostealer stealer
- Detect Mystic stealer payload
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerdropperevasionpersistencetrojan

behavioral2

healermysticredlinedartskendodropperevasioninfostealerpersistencestealertrojan

© 2018-2024

Terms | Privacy