healer | 8c79cf058d5b20de529f66cf390646a82bc614e704963cfd37666328861a32c8 | Triage

Sharing

General

Target

662da062f44427bae8ac9cb902d93210_NeikiAnalytics.exe
Size

374KB
Sample

240526-e33jraff77
MD5

662da062f44427bae8ac9cb902d93210
SHA1

1b98a3e6f08772ea1c89d247af418ca31d6f30ae
SHA256

8c79cf058d5b20de529f66cf390646a82bc614e704963cfd37666328861a32c8
SHA512

57c8105994381536397041b8acf8192841f57bfe43ec25d8e60508d134c46fb24b08c8b238b39eacf38b55c903a1b7473c8ba3fd6501b43c0e26b13d11f8e91c
SSDEEP

6144:KZy+bC+Ep0yN90QEJRJncwhleyRXPxXAmpxW6HdzwDUymicKKfgnpS7yexXj60Ci:39wy90DncwhxxQO0MRwDU5fgn0lVj7

Score

10^/10

healer redline dezik dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

dezik

C2

193.56.146.220:4174

Attributes

auth_value
d39f21dca8edc10800b036ab83f4d75e

Targets

- Target
  
  662da062f44427bae8ac9cb902d93210_NeikiAnalytics.exe
- Size
  
  374KB
- MD5
  
  662da062f44427bae8ac9cb902d93210
- SHA1
  
  1b98a3e6f08772ea1c89d247af418ca31d6f30ae
- SHA256
  
  8c79cf058d5b20de529f66cf390646a82bc614e704963cfd37666328861a32c8
- SHA512
  
  57c8105994381536397041b8acf8192841f57bfe43ec25d8e60508d134c46fb24b08c8b238b39eacf38b55c903a1b7473c8ba3fd6501b43c0e26b13d11f8e91c
- SSDEEP
  
  6144:KZy+bC+Ep0yN90QEJRJncwhleyRXPxXAmpxW6HdzwDUymicKKfgnpS7yexXj60Ci:39wy90DncwhxxQO0MRwDU5fgn0lVj7
Score

10^/10

healer redline dezik dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinedezikdropperevasioninfostealerpersistencetrojan