healer | 69f8e43073e849bba9e3092888fe246fa19fe53188b6554d23f63834b9b19690 | Triage

Sharing

General

Target

69f8e43073e849bba9e3092888fe246fa19fe53188b6554d23f63834b9b19690N
Size

202KB
Sample

241114-lefteawhrb
MD5

b4d19e1899fad64b988f6f917ac62c80
SHA1

85159974fed63fe8e0f9308b13a8628605456382
SHA256

69f8e43073e849bba9e3092888fe246fa19fe53188b6554d23f63834b9b19690
SHA512

66a9c644c05ae3cf64d31608699a57bfda819aac016e49dd66748a175455935a9b021238794acb624a99a38596f1043adf1c072f950c427db3b96e643225a438
SSDEEP

3072:Kly+bnr+O145GWp1icKAArDZz4N9GhbkrNEk6IfA7jkFF9j5dBKO3lY1:Kly+bnr+Dp0yN90QEufAHsF3M

Score

10^/10

healer redline fukia discovery dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

auth_value
e5783636fbd9e4f0cf9a017bce02e67e

Targets

- Target
  
  69f8e43073e849bba9e3092888fe246fa19fe53188b6554d23f63834b9b19690N
- Size
  
  202KB
- MD5
  
  b4d19e1899fad64b988f6f917ac62c80
- SHA1
  
  85159974fed63fe8e0f9308b13a8628605456382
- SHA256
  
  69f8e43073e849bba9e3092888fe246fa19fe53188b6554d23f63834b9b19690
- SHA512
  
  66a9c644c05ae3cf64d31608699a57bfda819aac016e49dd66748a175455935a9b021238794acb624a99a38596f1043adf1c072f950c427db3b96e643225a438
- SSDEEP
  
  3072:Kly+bnr+O145GWp1icKAArDZz4N9GhbkrNEk6IfA7jkFF9j5dBKO3lY1:Kly+bnr+Dp0yN90QEufAHsF3M
Score

10^/10

healer redline fukia discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinefukiadiscoverydropperevasioninfostealerpersistencetrojan