healer | d7fc0af08c7889254cdf65ba417997f9d7d84c8c0c78665c4165c55cc6865844 | Triage

Submit
Reports

Overview

overview

Static

static

3

d7fc0af08c...44.exe

windows10-2004-x64

Sharing

General

Target

d7fc0af08c7889254cdf65ba417997f9d7d84c8c0c78665c4165c55cc6865844
Size

479KB
Sample

240507-b99pvsga97
MD5

7bcf2e753722fce4e136cbbe1117f966
SHA1

e9f85926c3888d93bf7bdcbe582fcfcea7ee17ca
SHA256

d7fc0af08c7889254cdf65ba417997f9d7d84c8c0c78665c4165c55cc6865844
SHA512

a5797cd51b94846ef22520662291a14667573cbe2fe57254ab4076ca82bd66678961e6a3a8505296ba9c79e4ce66d8e8493fe529b133047d9c0114824202eb62
SSDEEP

6144:Kky+bnr+sp0yN90QECge4Xy+xkKUxnwqggIjf1kuJQ4QbCA2P32NKr686MocC3gZ:wMr0y90bzuLxnwuITTQbCNRp6dxg71

Score

10^/10

healer redline dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d7fc0af08c7889254cdf65ba417997f9d7d84c8c0c78665c4165c55cc6865844.exe

Resource

win10v2004-20240419-en

healer redline dropper evasion infostealer persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  d7fc0af08c7889254cdf65ba417997f9d7d84c8c0c78665c4165c55cc6865844
- Size
  
  479KB
- MD5
  
  7bcf2e753722fce4e136cbbe1117f966
- SHA1
  
  e9f85926c3888d93bf7bdcbe582fcfcea7ee17ca
- SHA256
  
  d7fc0af08c7889254cdf65ba417997f9d7d84c8c0c78665c4165c55cc6865844
- SHA512
  
  a5797cd51b94846ef22520662291a14667573cbe2fe57254ab4076ca82bd66678961e6a3a8505296ba9c79e4ce66d8e8493fe529b133047d9c0114824202eb62
- SSDEEP
  
  6144:Kky+bnr+sp0yN90QECge4Xy+xkKUxnwqggIjf1kuJQ4QbCA2P32NKr686MocC3gZ:wMr0y90bzuLxnwuITTQbCNRp6dxg71
Score

10^/10

healer redline dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
- Detects executables packed with ConfuserEx Mod
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinedropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy