healer | 7993c2ce826ba46a2f73701323205a1ca339c8b6f013a9dca451b27658e6264f | Triage

Submit
Reports

Overview

overview

Static

static

3

7993c2ce82...4f.exe

windows10-2004-x64

Sharing

General

Target

7993c2ce826ba46a2f73701323205a1ca339c8b6f013a9dca451b27658e6264f
Size

876KB
Sample

241111-jj9aeavmgt
MD5

ef16658bab8602d9b8ee1365c1ede57b
SHA1

7cd3c11f5235cce2026b50ae6cd490e4cb4ebf31
SHA256

7993c2ce826ba46a2f73701323205a1ca339c8b6f013a9dca451b27658e6264f
SHA512

eb45c2ad2d5795d4f723fef3c5579dd2b6b0c1c34a3f435c0502d67edeb050318c78e74765dc85cb358c769a2aa59ce5aa81ea2269f318ee8bd24b55384ec103
SSDEEP

12288:9MrWy90pvD7FQVZxEttQ8gcUvOhPeGisF5NGRsphQ0KAor0Bc7a4hGwmxbjrHcgy:DyMvD7FQvxgGG0fsj9rI7aZwY8z

Score

10^/10

healer redline mango discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7993c2ce826ba46a2f73701323205a1ca339c8b6f013a9dca451b27658e6264f.exe

Resource

win10v2004-20241007-en

healer redline mango discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

auth_value
ecf79d7f5227d998a3501c972d915d23

Targets

- Target
  
  7993c2ce826ba46a2f73701323205a1ca339c8b6f013a9dca451b27658e6264f
- Size
  
  876KB
- MD5
  
  ef16658bab8602d9b8ee1365c1ede57b
- SHA1
  
  7cd3c11f5235cce2026b50ae6cd490e4cb4ebf31
- SHA256
  
  7993c2ce826ba46a2f73701323205a1ca339c8b6f013a9dca451b27658e6264f
- SHA512
  
  eb45c2ad2d5795d4f723fef3c5579dd2b6b0c1c34a3f435c0502d67edeb050318c78e74765dc85cb358c769a2aa59ce5aa81ea2269f318ee8bd24b55384ec103
- SSDEEP
  
  12288:9MrWy90pvD7FQVZxEttQ8gcUvOhPeGisF5NGRsphQ0KAor0Bc7a4hGwmxbjrHcgy:DyMvD7FQvxgGG0fsj9rI7aZwY8z
Score

10^/10

healer redline mango discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinemangodiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy