healer | 9fa43190b25a568497a49321171b3c2d47e847d45951dfc5c562051699726514 | Triage

Submit
Reports

Overview

overview

Static

static

3

9fa43190b2...14.exe

windows10-2004-x64

Sharing

General

Target

9fa43190b25a568497a49321171b3c2d47e847d45951dfc5c562051699726514
Size

530KB
Sample

241104-qjh7jszenh
MD5

5e37df2558828f034aa13a030ea95a7d
SHA1

05717ca6fb57df8b735abd404963d3a49b78ff1c
SHA256

9fa43190b25a568497a49321171b3c2d47e847d45951dfc5c562051699726514
SHA512

3294c390d2d2084fc4ac7dd6012a4e0c0d3b938a8679f0c4ba8429631a1051dfa8aeba6efa73f291b03b61a3fdf7645d816b90f61dccc32e5378e69696c464f8
SSDEEP

12288:OMrly901d93GmwvvBULGBosPTshfxOAPWtzeg:jyqdwmJGBH4t1dg

Score

10^/10

healer redline rulit discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9fa43190b25a568497a49321171b3c2d47e847d45951dfc5c562051699726514.exe

Resource

win10v2004-20241007-en

healer redline rulit discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

rulit

C2

pedigj.eu:4162

Attributes

auth_value
f4df9ef56871d4ac883b282abaf635e0

Targets

- Target
  
  9fa43190b25a568497a49321171b3c2d47e847d45951dfc5c562051699726514
- Size
  
  530KB
- MD5
  
  5e37df2558828f034aa13a030ea95a7d
- SHA1
  
  05717ca6fb57df8b735abd404963d3a49b78ff1c
- SHA256
  
  9fa43190b25a568497a49321171b3c2d47e847d45951dfc5c562051699726514
- SHA512
  
  3294c390d2d2084fc4ac7dd6012a4e0c0d3b938a8679f0c4ba8429631a1051dfa8aeba6efa73f291b03b61a3fdf7645d816b90f61dccc32e5378e69696c464f8
- SSDEEP
  
  12288:OMrly901d93GmwvvBULGBosPTshfxOAPWtzeg:jyqdwmJGBH4t1dg
Score

10^/10

healer redline rulit discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinerulitdiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy