healer | 50011d8a1f9d89bfb79665fe93fb6cbed428d41d762171d9b432e942c8d7263b | Triage

Sharing

General

Target

50011d8a1f9d89bfb79665fe93fb6cbed428d41d762171d9b432e942c8d7263b
Size

993KB
Sample

241111-afk9qsxhpk
MD5

6d913fef008b026a6b67d0133d6bc8d0
SHA1

b2d9f2559af9807c3358a4c90a9a6780ad155dce
SHA256

50011d8a1f9d89bfb79665fe93fb6cbed428d41d762171d9b432e942c8d7263b
SHA512

87e5d8202c897430c4663fff50d111919d448f113cfd43f9fadf786979fec6cd8d91b4ba97756857f95e0606c3d4f4cf96cdebf5b6fc3339744cee2e09a0b8aa
SSDEEP

24576:7yx9pG7SgWL7AlWeCpcqZlMvR3CvuHxCu5b6:uxK7PWLBe6lcR3quHxV

Score

10^/10

healer redline mixer discovery dropper infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

mixer

C2

185.161.248.75:4132

Attributes

auth_value
3668eba4f0cb1021a9e9ed55e76ed85e

Targets

- Target
  
  50011d8a1f9d89bfb79665fe93fb6cbed428d41d762171d9b432e942c8d7263b
- Size
  
  993KB
- MD5
  
  6d913fef008b026a6b67d0133d6bc8d0
- SHA1
  
  b2d9f2559af9807c3358a4c90a9a6780ad155dce
- SHA256
  
  50011d8a1f9d89bfb79665fe93fb6cbed428d41d762171d9b432e942c8d7263b
- SHA512
  
  87e5d8202c897430c4663fff50d111919d448f113cfd43f9fadf786979fec6cd8d91b4ba97756857f95e0606c3d4f4cf96cdebf5b6fc3339744cee2e09a0b8aa
- SSDEEP
  
  24576:7yx9pG7SgWL7AlWeCpcqZlMvR3CvuHxCu5b6:uxK7PWLBe6lcR3quHxV
Score

10^/10

healer redline mixer discovery dropper infostealer persistence
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinemixerdiscoverydropperinfostealerpersistence