healer | 358fc2bdf37c6107c594283228a55225dac0ea15fd2ccd195e7a69fd0157d756 | Triage

Submit
Reports

Overview

overview

Static

static

3

358fc2bdf3...56.exe

windows10-2004-x64

Sharing

General

Target

358fc2bdf37c6107c594283228a55225dac0ea15fd2ccd195e7a69fd0157d756
Size

865KB
Sample

241111-l91gasxkfv
MD5

a3f3d0f2f18a3dfa193ecf198ffca874
SHA1

42112224c49311f3f3978478a0df3f8b6569f5ae
SHA256

358fc2bdf37c6107c594283228a55225dac0ea15fd2ccd195e7a69fd0157d756
SHA512

a4c68534140167e312fff1a2512497fc5c610b67a3eb09bfabf51bb26daded0ebf9696c730df3145eec9e657a17611c6e6a2cbe09ad8d1c352dbf4ad0c9cceec
SSDEEP

24576:Sy0hjWmax/UFFSrQ01Y+cSEDiNrBV5nYIrAZs:5KW/uF26SEDiNFcI

Score

10^/10

healer redline mango discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

358fc2bdf37c6107c594283228a55225dac0ea15fd2ccd195e7a69fd0157d756.exe

Resource

win10v2004-20241007-en

healer redline mango discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

auth_value
ecf79d7f5227d998a3501c972d915d23

Targets

- Target
  
  358fc2bdf37c6107c594283228a55225dac0ea15fd2ccd195e7a69fd0157d756
- Size
  
  865KB
- MD5
  
  a3f3d0f2f18a3dfa193ecf198ffca874
- SHA1
  
  42112224c49311f3f3978478a0df3f8b6569f5ae
- SHA256
  
  358fc2bdf37c6107c594283228a55225dac0ea15fd2ccd195e7a69fd0157d756
- SHA512
  
  a4c68534140167e312fff1a2512497fc5c610b67a3eb09bfabf51bb26daded0ebf9696c730df3145eec9e657a17611c6e6a2cbe09ad8d1c352dbf4ad0c9cceec
- SSDEEP
  
  24576:Sy0hjWmax/UFFSrQ01Y+cSEDiNrBV5nYIrAZs:5KW/uF26SEDiNFcI
Score

10^/10

healer redline mango discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinemangodiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy