healer | 00be67d21d44f49d4125db1a807933338549ac8f8073e86431e55548939f88af | Triage

Sharing

General

Target

00be67d21d44f49d4125db1a807933338549ac8f8073e86431e55548939f88af
Size

694KB
Sample

241107-pe9y2avkam
MD5

a252e157024aa46f80cdc2f83fe35bdf
SHA1

c719d7d87f2d71b9b303c7274c21a88641f2af9c
SHA256

00be67d21d44f49d4125db1a807933338549ac8f8073e86431e55548939f88af
SHA512

3bef5d869b20ba165c8b2d490a93d38df9d1c146485d01ce5a4d747c3fb8fd7daa5bd5263dd4bd335166264b29ad4f2d55ee2d069cfac0318c24d2e57b133a82
SSDEEP

12288:jEBwqLeylT+cogNpU5mcs9Rzx5I9UlXH7mwpgQ/Vbwzzyw:QBT5h+c5TU5mT9Rz4i1yCJ9eyw

Score

10^/10

healer redline diza discovery dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes

auth_value
0d09b419c8bc967f91c68be4a17e92ee

Targets

- Target
  
  24eb6393c2efe3f2e9526f6d344af6fc709ae52125c0da80b2951a0412855b58.exe
- Size
  
  738KB
- MD5
  
  ec7fcaaed32badde93aeec8063479448
- SHA1
  
  9ee7c1b819f6641c2c096f5f1b79cf93d377a606
- SHA256
  
  24eb6393c2efe3f2e9526f6d344af6fc709ae52125c0da80b2951a0412855b58
- SHA512
  
  59674b5b169f0b323a9db630e007662526ae1271ac085c4eb61d09cf00c98c1315d535077480b8bb03a22de755b74f75ed1f9e32a4cb7d17b15df755c7b29ad3
- SSDEEP
  
  12288:DMrLy90xCiqfVY/zfy6gbBmcgIMmP8OtjyscNPmEX0GvOYWDAW:IyGk+OMDmWsqd0kW
Score

10^/10

healer redline diza discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinedizadiscoverydropperevasioninfostealerpersistencetrojan