healer | 4fea0eda18fcd26278c500ad0a5a8b4220a5b39206612d2af69586cbdba3e43f | Triage

Submit
Reports

Overview

overview

Static

static

3

4fea0eda18...3f.exe

windows10-2004-x64

Sharing

General

Target

4fea0eda18fcd26278c500ad0a5a8b4220a5b39206612d2af69586cbdba3e43f
Size

763KB
Sample

240422-1rx1sagh39
MD5

967f668de8d3e75e28cb67dd87b00e6d
SHA1

4d925e0b437374d34beda4ec6c022ec79e60c3ad
SHA256

4fea0eda18fcd26278c500ad0a5a8b4220a5b39206612d2af69586cbdba3e43f
SHA512

d75e80c397096eee1f426593e54ffbe9999e222eb434603470d207a4c65f6102b40f8907b66622fcd9a2a29e4d1abadb3ca6594c71f7ea26a2114a2b40f9dc28
SSDEEP

12288:py90/l5R4cDwygXI0nX9jvkxK9X/MsJda7+fV7E762b8Jg15auk027W9Xx:py64UwygBxvWK9X0+fVw6oegCb027Ax

Score

10^/10

healer redline zgrat dropper evasion infostealer persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4fea0eda18fcd26278c500ad0a5a8b4220a5b39206612d2af69586cbdba3e43f.exe

Resource

win10v2004-20240412-en

healer redline zgrat dropper evasion infostealer persistence rat trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  4fea0eda18fcd26278c500ad0a5a8b4220a5b39206612d2af69586cbdba3e43f
- Size
  
  763KB
- MD5
  
  967f668de8d3e75e28cb67dd87b00e6d
- SHA1
  
  4d925e0b437374d34beda4ec6c022ec79e60c3ad
- SHA256
  
  4fea0eda18fcd26278c500ad0a5a8b4220a5b39206612d2af69586cbdba3e43f
- SHA512
  
  d75e80c397096eee1f426593e54ffbe9999e222eb434603470d207a4c65f6102b40f8907b66622fcd9a2a29e4d1abadb3ca6594c71f7ea26a2114a2b40f9dc28
- SSDEEP
  
  12288:py90/l5R4cDwygXI0nX9jvkxK9X/MsJda7+fV7E762b8Jg15auk027W9Xx:py64UwygBxvWK9X0+fVw6oegCb027Ax
Score

10^/10

healer redline zgrat dropper evasion infostealer persistence rat trojan
- Detect ZGRat V1
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
- Detects executables packed with ConfuserEx Mod
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinezgratdropperevasioninfostealerpersistencerattrojan

© 2018-2025

Terms | Privacy