healer | 878a1fc02579c37f7ebfee0e3a35b0e16884bb2af701d2de65080fce3cb8b3c4 | Triage

Submit
Reports

Overview

overview

Static

static

3

878a1fc025...c4.exe

windows7-x64

5

878a1fc025...c4.exe

windows10-2004-x64

Sharing

General

Target

878a1fc02579c37f7ebfee0e3a35b0e16884bb2af701d2de65080fce3cb8b3c4
Size

3.1MB
Sample

231014-agcc8ahb46
MD5

8cb6d463ebaca729bc6250586e487e3f
SHA1

ba77b0cc638df4749d90386d14f0f077a7a887df
SHA256

878a1fc02579c37f7ebfee0e3a35b0e16884bb2af701d2de65080fce3cb8b3c4
SHA512

160b41b33561f15132a06af012d7d67c2f347452b1a96d09008ea45e4e523bd403c1434787b76a3452abedef8156ffbdc4b04dec06f13314ad6542d6ba033250
SSDEEP

49152:MpFzUE1/x5XSke5ec6a3vTlsn35QDS1h2b6CtI3jc8U8kE5:MpFzvSk1OqI6mgw8UXE

Score

10^/10

healer redline ramon dropper infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

878a1fc02579c37f7ebfee0e3a35b0e16884bb2af701d2de65080fce3cb8b3c4.exe

Resource

win7-20230831-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

878a1fc02579c37f7ebfee0e3a35b0e16884bb2af701d2de65080fce3cb8b3c4.exe

Resource

win10v2004-20230915-en

healer redline ramon dropper infostealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

77.91.124.82:19071

Attributes

auth_value
3197576965d9513f115338c233015b40

Targets

- Target
  
  878a1fc02579c37f7ebfee0e3a35b0e16884bb2af701d2de65080fce3cb8b3c4
- Size
  
  3.1MB
- MD5
  
  8cb6d463ebaca729bc6250586e487e3f
- SHA1
  
  ba77b0cc638df4749d90386d14f0f077a7a887df
- SHA256
  
  878a1fc02579c37f7ebfee0e3a35b0e16884bb2af701d2de65080fce3cb8b3c4
- SHA512
  
  160b41b33561f15132a06af012d7d67c2f347452b1a96d09008ea45e4e523bd403c1434787b76a3452abedef8156ffbdc4b04dec06f13314ad6542d6ba033250
- SSDEEP
  
  49152:MpFzUE1/x5XSke5ec6a3vTlsn35QDS1h2b6CtI3jc8U8kE5:MpFzvSk1OqI6mgw8UXE
Score

10^/10

healer redline ramon dropper infostealer
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

healerredlineramondropperinfostealer

© 2018-2025

Terms | Privacy