healer | 9e6840bd3bfa0c2d9dfc16193a3b67abf16bf84ffe374e1276540d1b8f3dd9fc | Triage

Submit
Reports

Overview

overview

Static

static

3

0a62172ecf...cs.exe

windows10-2004-x64

Sharing

General

Target

0a62172ecf9e400da1d1e36aec9ad750_NeikiAnalytics.exe
Size

539KB
Sample

240525-ghzngagd4y
MD5

0a62172ecf9e400da1d1e36aec9ad750
SHA1

be2da4c89ce1379381587b261cb128b2dfbd05ea
SHA256

9e6840bd3bfa0c2d9dfc16193a3b67abf16bf84ffe374e1276540d1b8f3dd9fc
SHA512

e1006419e103d629277090c24d892efb8e60304bbc578266dd8ee87a1d13f437ebca5e4a872b28f20124efc9c16873e0caecedea685a8ce084213507be25b215
SSDEEP

12288:FQCy90Yh85xXh8uOm0i8TmUSMYPOsjmMrTF3VHp7:3y3h4tOGPOsjxF/

Score

10^/10

healer redline down dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0a62172ecf9e400da1d1e36aec9ad750_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

healer redline down dropper evasion infostealer persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

auth_value
12c31a90c72f5efae8c053a0bd339381

Targets

- Target
  
  0a62172ecf9e400da1d1e36aec9ad750_NeikiAnalytics.exe
- Size
  
  539KB
- MD5
  
  0a62172ecf9e400da1d1e36aec9ad750
- SHA1
  
  be2da4c89ce1379381587b261cb128b2dfbd05ea
- SHA256
  
  9e6840bd3bfa0c2d9dfc16193a3b67abf16bf84ffe374e1276540d1b8f3dd9fc
- SHA512
  
  e1006419e103d629277090c24d892efb8e60304bbc578266dd8ee87a1d13f437ebca5e4a872b28f20124efc9c16873e0caecedea685a8ce084213507be25b215
- SSDEEP
  
  12288:FQCy90Yh85xXh8uOm0i8TmUSMYPOsjmMrTF3VHp7:3y3h4tOGPOsjxF/
Score

10^/10

healer redline down dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

healerredlinedowndropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy