healer | f70eeb0cef69b27b04f9cdeffff793fec8e5a52949baa850aee6d36722aec813 | Triage

Submit
Reports

Overview

overview

Static

static

3

f70eeb0cef...13.exe

windows10-2004-x64

Sharing

General

Target

f70eeb0cef69b27b04f9cdeffff793fec8e5a52949baa850aee6d36722aec813
Size

569KB
Sample

240310-cgtnlshc66
MD5

4f1dd109b89b8c1010efc44389e1c573
SHA1

98480974e1f6d442b2029cb01ad94fdc82677c2d
SHA256

f70eeb0cef69b27b04f9cdeffff793fec8e5a52949baa850aee6d36722aec813
SHA512

f32b662fd57867f44a733da8c39a419380d0e64903914ff18043f08fecff0e7ba1a7739df0df37c4ee70de0d2d380484fa805bc0a22a1803a4ca0adc0b250ff8
SSDEEP

12288:CMrfy90Fahimz7AuxqVjcVB0QvDEsZ+ta5y+h:1yEsVAuxYjcwWLka5yW

Score

10^/10

healer redline mango dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f70eeb0cef69b27b04f9cdeffff793fec8e5a52949baa850aee6d36722aec813.exe

Resource

win10v2004-20240226-en

healer redline mango dropper evasion infostealer persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

auth_value
ecf79d7f5227d998a3501c972d915d23

Targets

- Target
  
  f70eeb0cef69b27b04f9cdeffff793fec8e5a52949baa850aee6d36722aec813
- Size
  
  569KB
- MD5
  
  4f1dd109b89b8c1010efc44389e1c573
- SHA1
  
  98480974e1f6d442b2029cb01ad94fdc82677c2d
- SHA256
  
  f70eeb0cef69b27b04f9cdeffff793fec8e5a52949baa850aee6d36722aec813
- SHA512
  
  f32b662fd57867f44a733da8c39a419380d0e64903914ff18043f08fecff0e7ba1a7739df0df37c4ee70de0d2d380484fa805bc0a22a1803a4ca0adc0b250ff8
- SSDEEP
  
  12288:CMrfy90Fahimz7AuxqVjcVB0QvDEsZ+ta5y+h:1yEsVAuxYjcwWLka5yW
Score

10^/10

healer redline mango dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

healerredlinemangodropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy