healer | aee53fccee33b73dab9491356e6eb50d71b3b380ca589b649b6ec63ff792c3da | Triage

Submit
Reports

Overview

overview

Static

static

3

7903417a44...cs.exe

windows10-2004-x64

Sharing

General

Target

7903417a4425e5f819fdca4ddb5a4ae0_NeikiAnalytics
Size

479KB
Sample

240512-hh6x8adc5v
MD5

7903417a4425e5f819fdca4ddb5a4ae0
SHA1

42be90bb5600574abb0b37113b65b32d6388b7ff
SHA256

aee53fccee33b73dab9491356e6eb50d71b3b380ca589b649b6ec63ff792c3da
SHA512

11fff0808094ce693e9af5c1f3544f8efad57f5014959329a41d5d76ff92f9be45a3963b9307cfa829694d743f86b1c56f342b38f4f52d5f602339e5bca05fbf
SSDEEP

12288:qMrSy90q5EwvocAm820Gfl6pleAG/R/7hhVecnO:syMuocdMy8Hel/R/7hJO

Score

10^/10

healer redline divan dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7903417a4425e5f819fdca4ddb5a4ae0_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

healer redline divan dropper evasion infostealer persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

divan

C2

217.196.96.102:4132

Attributes

auth_value
b414986bebd7f5a3ec9aee0341b8e769

Targets

- Target
  
  7903417a4425e5f819fdca4ddb5a4ae0_NeikiAnalytics
- Size
  
  479KB
- MD5
  
  7903417a4425e5f819fdca4ddb5a4ae0
- SHA1
  
  42be90bb5600574abb0b37113b65b32d6388b7ff
- SHA256
  
  aee53fccee33b73dab9491356e6eb50d71b3b380ca589b649b6ec63ff792c3da
- SHA512
  
  11fff0808094ce693e9af5c1f3544f8efad57f5014959329a41d5d76ff92f9be45a3963b9307cfa829694d743f86b1c56f342b38f4f52d5f602339e5bca05fbf
- SSDEEP
  
  12288:qMrSy90q5EwvocAm820Gfl6pleAG/R/7hhVecnO:syMuocdMy8Hel/R/7hJO
Score

10^/10

healer redline divan dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinedivandropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy