healer | 521e7a165e9802c7282e2e3f8beebe9131fbd4745d8be16b8cfe24b2d92d1d06 | Triage

Sharing

General

Target

521e7a165e9802c7282e2e3f8beebe9131fbd4745d8be16b8cfe24b2d92d1d06
Size

674KB
Sample

241106-kqdbzsxbqh
MD5

0ea69ed2d00f5e8e7682e4910c6e5c76
SHA1

62563ea6bf935ebfec1925f8a8cb4640c1bad525
SHA256

521e7a165e9802c7282e2e3f8beebe9131fbd4745d8be16b8cfe24b2d92d1d06
SHA512

e5867fbdde79fe2fb27bd62f2df188dbf6e3b13b9c46621b7bec8d40f91c33a6222267f528152e6351d52ae2d47a9b876e826f873970374f0a1ba6e7630fe873
SSDEEP

12288:+iJy904NU9VWAx97gKsdZ8UbLo8DJ+1B9qtNT8sFq8GdqHjiX+uFU8L:+GyzN0qJN81aL9FWgHG+cUW

Score

10^/10

healer redline fukia discovery dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

auth_value
e5783636fbd9e4f0cf9a017bce02e67e

Targets

- Target
  
  d85c4e6e98dcf71acd366924c3f34ebdd2dea11c6ccf652d5c02078f74ef3405
- Size
  
  725KB
- MD5
  
  75ab4de456296645566af9d847ac6392
- SHA1
  
  d196db351b1b7e653d57469aa82a713ea8f5b185
- SHA256
  
  d85c4e6e98dcf71acd366924c3f34ebdd2dea11c6ccf652d5c02078f74ef3405
- SHA512
  
  a77d7a9adb20af8cf1e18fe6184a2fa1240c45c8647e888f6013d6171cafdb900646995c80166e5ffd86155b4846da7d146fd66845b035c4375eed6af2c205fc
- SSDEEP
  
  12288:PMr0y906xWqx90zGpR3MLo8dqVBw+Xb9qtLT8sF4UGd4Hj0X+ujdFC:vy5oz/NAV9Xwl9F6aHk+P
Score

10^/10

healer redline fukia discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinefukiadiscoverydropperevasioninfostealerpersistencetrojan