healer | 068afe8976b4672364ddc3876769a283e55c1daca47713dc30a5014f12a7a1aa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

068afe8976b4672364ddc3876769a283e55c1daca47713dc30a5014f12a7a1aa
Size

930KB
Sample

231014-elp74ahe53
MD5

ae8c1cd8beaa1d8e8cc6a221142722b8
SHA1

7b49862f384462593409d8f3d10f19afd05e9abb
SHA256

068afe8976b4672364ddc3876769a283e55c1daca47713dc30a5014f12a7a1aa
SHA512

d7b68e921cd394c06f96391b07525d1a4bf163b63bee76786a7f16437aaada9d3ed8862bbe74e344e8146d4d909c471a5ba5464387590a8ab81107d9fbf92491
SSDEEP

24576:+iuBtZgce47lrI3jH/dgPoqX5a6oESIYr3h:tuBfg+7lyjH1ggqX5zoHIYt

Score

10^/10

healer redline moner dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

moner

C2

77.91.124.82:19071

Attributes

auth_value
a94cd9e01643e1945b296c28a2f28707

Targets

- Target
  
  068afe8976b4672364ddc3876769a283e55c1daca47713dc30a5014f12a7a1aa
- Size
  
  930KB
- MD5
  
  ae8c1cd8beaa1d8e8cc6a221142722b8
- SHA1
  
  7b49862f384462593409d8f3d10f19afd05e9abb
- SHA256
  
  068afe8976b4672364ddc3876769a283e55c1daca47713dc30a5014f12a7a1aa
- SHA512
  
  d7b68e921cd394c06f96391b07525d1a4bf163b63bee76786a7f16437aaada9d3ed8862bbe74e344e8146d4d909c471a5ba5464387590a8ab81107d9fbf92491
- SSDEEP
  
  24576:+iuBtZgce47lrI3jH/dgPoqX5a6oESIYr3h:tuBfg+7lyjH1ggqX5zoHIYt
Score

10^/10

healer redline moner dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

healerredlinemonerdropperevasioninfostealerpersistencetrojan