healer | 9cdb237e74860a76b5242d867b8ee034744d3638ba39b6324c6bae8b7dc5de6e | Triage

Submit
Reports

Overview

overview

Static

static

3

9cdb237e74...6e.exe

windows10-2004-x64

Sharing

General

Target

9cdb237e74860a76b5242d867b8ee034744d3638ba39b6324c6bae8b7dc5de6e
Size

550KB
Sample

241111-kjksgswgjr
MD5

cb8785de82caa61fa0a6698ccc035bd3
SHA1

2c23782fe25fdae820dff7369195c1b91b5175a8
SHA256

9cdb237e74860a76b5242d867b8ee034744d3638ba39b6324c6bae8b7dc5de6e
SHA512

e6ff15847b6853a80d5ebefe5da48519247cdf4e3b8dac095ae738ba8c8fabbddf1b38750c10c59b22ff2f27de8353e7abffe4e4d5bfb0a6a994baa2993a744e
SSDEEP

12288:WMrxy903uPrKsHvKyv4e7BDGx1JEH2bviw6uwqKHQ0b5RO:ry1zKsPKyvLi1oqmH9b5RO

Score

10^/10

healer redline mango discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9cdb237e74860a76b5242d867b8ee034744d3638ba39b6324c6bae8b7dc5de6e.exe

Resource

win10v2004-20241007-en

healer redline mango discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

auth_value
ecf79d7f5227d998a3501c972d915d23

Targets

- Target
  
  9cdb237e74860a76b5242d867b8ee034744d3638ba39b6324c6bae8b7dc5de6e
- Size
  
  550KB
- MD5
  
  cb8785de82caa61fa0a6698ccc035bd3
- SHA1
  
  2c23782fe25fdae820dff7369195c1b91b5175a8
- SHA256
  
  9cdb237e74860a76b5242d867b8ee034744d3638ba39b6324c6bae8b7dc5de6e
- SHA512
  
  e6ff15847b6853a80d5ebefe5da48519247cdf4e3b8dac095ae738ba8c8fabbddf1b38750c10c59b22ff2f27de8353e7abffe4e4d5bfb0a6a994baa2993a744e
- SSDEEP
  
  12288:WMrxy903uPrKsHvKyv4e7BDGx1JEH2bviw6uwqKHQ0b5RO:ry1zKsPKyvLi1oqmH9b5RO
Score

10^/10

healer redline mango discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinemangodiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy