healer | 003ae49123e28226b10728ea39c4a0e0396fb67b8e56616a6b71f6ae2806af30 | Triage

Submit
Reports

Overview

overview

Static

static

3

003ae49123...30.exe

windows10-2004-x64

Sharing

General

Target

003ae49123e28226b10728ea39c4a0e0396fb67b8e56616a6b71f6ae2806af30.exe
Size

642KB
Sample

241112-xcr97s1rel
MD5

d95c6ceba218c8f954abc0653f8d585d
SHA1

8bc089217132daba5e9aa059e7d8c2cfb75489ba
SHA256

003ae49123e28226b10728ea39c4a0e0396fb67b8e56616a6b71f6ae2806af30
SHA512

f4b2a65a18e43f0d72ec780370e9ce00648b3d027437410760464730cc814ef7f03e743752f87c3ccb0c9292fa370311a3aa175eddfb9cdddf480af819ee7435
SSDEEP

12288:aMrJy90m6IzFOAS7y8bO1s1K/JJj/rodWJRdkRV61HZdryk1EdtffTvwpqxQa:DygTAz8bhUjfo8JfoI15eVfTvwa

Score

10^/10

healer redline mango discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

003ae49123e28226b10728ea39c4a0e0396fb67b8e56616a6b71f6ae2806af30.exe

Resource

win10v2004-20241007-en

healer redline mango discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

auth_value
ecf79d7f5227d998a3501c972d915d23

Targets

- Target
  
  003ae49123e28226b10728ea39c4a0e0396fb67b8e56616a6b71f6ae2806af30.exe
- Size
  
  642KB
- MD5
  
  d95c6ceba218c8f954abc0653f8d585d
- SHA1
  
  8bc089217132daba5e9aa059e7d8c2cfb75489ba
- SHA256
  
  003ae49123e28226b10728ea39c4a0e0396fb67b8e56616a6b71f6ae2806af30
- SHA512
  
  f4b2a65a18e43f0d72ec780370e9ce00648b3d027437410760464730cc814ef7f03e743752f87c3ccb0c9292fa370311a3aa175eddfb9cdddf480af819ee7435
- SSDEEP
  
  12288:aMrJy90m6IzFOAS7y8bO1s1K/JJj/rodWJRdkRV61HZdryk1EdtffTvwpqxQa:DygTAz8bhUjfo8JfoI15eVfTvwa
Score

10^/10

healer redline mango discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinemangodiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy