healer | eab3e27e19b610a1a1a8a23092835343e10f25e6c145be41f93e618a44e9bebb | Triage

Submit
Reports

Overview

overview

Static

static

3

eab3e27e19...bb.exe

windows10-2004-x64

Sharing

General

Target

eab3e27e19b610a1a1a8a23092835343e10f25e6c145be41f93e618a44e9bebb
Size

269KB
Sample

240524-fg1zgaea68
MD5

94d8582df5fde8a4f1e3e47b1a464b5f
SHA1

d466d7326164cb6b0f40497b3629c6ea070b4cd0
SHA256

eab3e27e19b610a1a1a8a23092835343e10f25e6c145be41f93e618a44e9bebb
SHA512

2752d4e804e948fd26610646437c48464006c080b01484fb1ef51644cf3d0c7ba2d10a4bab1f8913bb7834696bdb6251c3a048c586301ac5db55fc7925ad1af2
SSDEEP

6144:Khy+bnr+Sp0yN90QEf92P0yqvSnEFDtt6:7MrGy90ZEsyqv6az6

Score

10^/10

healer redline smoke dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

eab3e27e19b610a1a1a8a23092835343e10f25e6c145be41f93e618a44e9bebb.exe

Resource

win10v2004-20240508-en

healer redline smoke dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

smoke

C2

83.97.73.131:19071

Attributes

auth_value
aaa47198b84c95fcce9397339e8af9d4

Targets

- Target
  
  eab3e27e19b610a1a1a8a23092835343e10f25e6c145be41f93e618a44e9bebb
- Size
  
  269KB
- MD5
  
  94d8582df5fde8a4f1e3e47b1a464b5f
- SHA1
  
  d466d7326164cb6b0f40497b3629c6ea070b4cd0
- SHA256
  
  eab3e27e19b610a1a1a8a23092835343e10f25e6c145be41f93e618a44e9bebb
- SHA512
  
  2752d4e804e948fd26610646437c48464006c080b01484fb1ef51644cf3d0c7ba2d10a4bab1f8913bb7834696bdb6251c3a048c586301ac5db55fc7925ad1af2
- SSDEEP
  
  6144:Khy+bnr+Sp0yN90QEf92P0yqvSnEFDtt6:7MrGy90ZEsyqv6az6
Score

10^/10

healer redline smoke dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
- Detects executables packed with ConfuserEx Mod
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

healerredlinesmokedropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy