healer | 0585e6076efbd458084570eedaa67d5aa4ab5d9e84dab51575700d81fc62b339 | Triage

Sharing

General

Target

2cf3440b2d80262ff7e81b5e204dbd20_NeikiAnalytics.exe
Size

549KB
Sample

240516-zcv27sfc45
MD5

2cf3440b2d80262ff7e81b5e204dbd20
SHA1

d6356872e9a662519642cc082e006f8740acdf6b
SHA256

0585e6076efbd458084570eedaa67d5aa4ab5d9e84dab51575700d81fc62b339
SHA512

b4119ab90a205788b835899937ce4bd4582f635839ce2864d4adcfe684a1b372b94071c1f49469c9fdb0575719f4ab23a3bb4a959d23e9cc36b9353c780cd4b0
SSDEEP

12288:6MrMy90IsGEEvxrgzFE9q68EslUpPdxzEKz41d0E50Uo:6yDsErf9N+lUbx0p50Uo

Score

10^/10

healer redline norm dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.68.70:19073

Attributes

auth_value
1514e6c0ec3d10a36f68f61b206f5759

Targets

- Target
  
  2cf3440b2d80262ff7e81b5e204dbd20_NeikiAnalytics.exe
- Size
  
  549KB
- MD5
  
  2cf3440b2d80262ff7e81b5e204dbd20
- SHA1
  
  d6356872e9a662519642cc082e006f8740acdf6b
- SHA256
  
  0585e6076efbd458084570eedaa67d5aa4ab5d9e84dab51575700d81fc62b339
- SHA512
  
  b4119ab90a205788b835899937ce4bd4582f635839ce2864d4adcfe684a1b372b94071c1f49469c9fdb0575719f4ab23a3bb4a959d23e9cc36b9353c780cd4b0
- SSDEEP
  
  12288:6MrMy90IsGEEvxrgzFE9q68EslUpPdxzEKz41d0E50Uo:6yDsErf9N+lUbx0p50Uo
Score

10^/10

healer redline norm dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinenormdropperevasioninfostealerpersistencetrojan