healer | 1b59137bf547d9c54459c91f6242018a851638e31cd3e1b1ff7864f40096e05d | Triage

Sharing

General

Target

1b59137bf547d9c54459c91f6242018a851638e31cd3e1b1ff7864f40096e05d
Size

948KB
Sample

241111-cv2lda1cja
MD5

027aa6d809639db04a71f3b41b962f8f
SHA1

953aa263520f027eeb609655e50ce5134a2026cc
SHA256

1b59137bf547d9c54459c91f6242018a851638e31cd3e1b1ff7864f40096e05d
SHA512

3f315cebd74c23aa9bac7cc951713cba9896fb8ed5750aef00dd683ae32f4d59f5c226f44f700aa9f9b0b8e1378f7b2926f7d510f3b8635fcbaaf7a4e2cd10b7
SSDEEP

24576:w1wcHWGzD/L3AqhqOuPsNxnOnQ4/fp4OXV2dsHjUPC:wvhz7dhxOf/GOXZHjUq

Score

10^/10

healer redline mixer discovery dropper infostealer persistence

Malware Config

Extracted

Family

redline

Botnet

mixer

C2

185.161.248.75:4132

Attributes

auth_value
3668eba4f0cb1021a9e9ed55e76ed85e

Targets

- Target
  
  b3fd93cdbb22498647bba224764a189c19d0d3226b63347e2fc10f7f8994facc.exe
- Size
  
  992KB
- MD5
  
  cedd2a204e4f2b1d19882d8800bad11b
- SHA1
  
  215e0d5275d567f4c1599364f6e5f5ab0e726cc8
- SHA256
  
  b3fd93cdbb22498647bba224764a189c19d0d3226b63347e2fc10f7f8994facc
- SHA512
  
  383374e1864e6008a0945afb5ba1c2b45240efd0f3e476416ad7a7fef8cac2eccf8d1017cff94aeb44b38fb365231b2e979cb3d59612c37b91f3be7d74b055dc
- SSDEEP
  
  24576:9yUtvrjcPD0GbgWSAg+Feg7Q+Yu2KsxUnWht0l:YUtTjcPDyWSAgKegbvLPWha
Score

10^/10

healer redline mixer discovery dropper infostealer persistence
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinemixerdiscoverydropperinfostealerpersistence