healer | 33232f657301f06deca16f7e078f6a7e082a0bd1837ed92fefec89b1b6eab906 | Triage

Submit
Reports

Overview

overview

Static

static

3

06cc922bbf...cs.exe

windows10-2004-x64

Sharing

General

Target

06cc922bbf2a4da7d68c682c7111ea00_NeikiAnalytics
Size

479KB
Sample

240510-r9qvrabe5t
MD5

06cc922bbf2a4da7d68c682c7111ea00
SHA1

01c61c8bd76b8a2e939b4f24d40674d5692a0634
SHA256

33232f657301f06deca16f7e078f6a7e082a0bd1837ed92fefec89b1b6eab906
SHA512

c0cd35bc30ee1171d60a74444a0cb12db66a2e1c5034f4c6565eaaf0619931053a1afa74a37cdadbd39c995f36b258849c486a6983896eb678daab046dcb9622
SSDEEP

6144:K5y+bnr+Vp0yN90QEBVXjr+vQkofbHDUShI811MPZPP9jKONDhFHwjqekrkGL:HMrRy90lzSLEHDFIQ1iP95DXgqbrky

Score

10^/10

healer redline dumud dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

06cc922bbf2a4da7d68c682c7111ea00_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

healer redline dumud dropper evasion infostealer persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

dumud

C2

217.196.96.101:4132

Attributes

auth_value
3e18d4b90418aa3e78d8822e87c62f5c

Targets

- Target
  
  06cc922bbf2a4da7d68c682c7111ea00_NeikiAnalytics
- Size
  
  479KB
- MD5
  
  06cc922bbf2a4da7d68c682c7111ea00
- SHA1
  
  01c61c8bd76b8a2e939b4f24d40674d5692a0634
- SHA256
  
  33232f657301f06deca16f7e078f6a7e082a0bd1837ed92fefec89b1b6eab906
- SHA512
  
  c0cd35bc30ee1171d60a74444a0cb12db66a2e1c5034f4c6565eaaf0619931053a1afa74a37cdadbd39c995f36b258849c486a6983896eb678daab046dcb9622
- SSDEEP
  
  6144:K5y+bnr+Vp0yN90QEBVXjr+vQkofbHDUShI811MPZPP9jKONDhFHwjqekrkGL:HMrRy90lzSLEHDFIQ1iP95DXgqbrky
Score

10^/10

healer redline dumud dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

healerredlinedumuddropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy