healer | 6e6113efb8d2ac46560561b1454f78d94894792d369632b1f2dbc3b0123aa683 | Triage

Submit
Reports

Overview

overview

Static

static

3

c72b51e939...cs.exe

windows10-2004-x64

Sharing

General

Target

c72b51e9396e3560ee77227b3aca58e0_NeikiAnalytics
Size

307KB
Sample

240514-p2p75sgc66
MD5

c72b51e9396e3560ee77227b3aca58e0
SHA1

5ed660f289156d0296490b4e42c94471db7f4330
SHA256

6e6113efb8d2ac46560561b1454f78d94894792d369632b1f2dbc3b0123aa683
SHA512

0f3769f9ac64ff3652e2630f1540d59cf70cab2c5624f017a09517895534254a018f6f978220e0888d5590aa8b811fa4f1520fc4860d7572e06e98b11b146ad0
SSDEEP

6144:KBy+bnr+Lp0yN90QEc5F5OYc1u31g4TByPdRnh1leJxPyRy327:bMr3y90axc1u31TTEfnh6yd7

Score

10^/10

healer redline morty dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c72b51e9396e3560ee77227b3aca58e0_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

healer redline morty dropper evasion infostealer persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

morty

C2

217.196.96.101:4132

Attributes

auth_value
fe1a24c211cc8e5bf9ff11c737ce0e97

Targets

- Target
  
  c72b51e9396e3560ee77227b3aca58e0_NeikiAnalytics
- Size
  
  307KB
- MD5
  
  c72b51e9396e3560ee77227b3aca58e0
- SHA1
  
  5ed660f289156d0296490b4e42c94471db7f4330
- SHA256
  
  6e6113efb8d2ac46560561b1454f78d94894792d369632b1f2dbc3b0123aa683
- SHA512
  
  0f3769f9ac64ff3652e2630f1540d59cf70cab2c5624f017a09517895534254a018f6f978220e0888d5590aa8b811fa4f1520fc4860d7572e06e98b11b146ad0
- SSDEEP
  
  6144:KBy+bnr+Lp0yN90QEc5F5OYc1u31g4TByPdRnh1leJxPyRy327:bMr3y90axc1u31TTEfnh6yd7
Score

10^/10

healer redline morty dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

healerredlinemortydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy