healer | 0f08729e15fe0369d56d293f705e27bdf8ef095b2d7fd36c7c852f9a61b86c00 | Triage

Submit
Reports

Overview

overview

Static

static

3

15af2dc825...cs.exe

windows10-2004-x64

Sharing

General

Target

15af2dc825a983bccd01fc6a43226810_NeikiAnalytics
Size

694KB
Sample

240509-2r3rpsee25
MD5

15af2dc825a983bccd01fc6a43226810
SHA1

4785010bc357c06fd4bd0402dd5b5d205dedab32
SHA256

0f08729e15fe0369d56d293f705e27bdf8ef095b2d7fd36c7c852f9a61b86c00
SHA512

04f22b3474497919d034096f4930b451cfb23cd218579e8b3514af345b4f360c3f49784218416c3ee58d06d029b4cff46b088dd68bfecf1b31fc214a8ad75498
SSDEEP

12288:Gy90SEzldUgrwhFTxp8onXRlMoKWR6F918byKMA+oEM9+L:GyVEzldnKFf8kXbMo96F918byrLqM

Score

10^/10

healer redline zgrat dropper evasion infostealer persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

15af2dc825a983bccd01fc6a43226810_NeikiAnalytics.exe

Resource

win10v2004-20240226-en

healer redline zgrat dropper evasion infostealer persistence rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  15af2dc825a983bccd01fc6a43226810_NeikiAnalytics
- Size
  
  694KB
- MD5
  
  15af2dc825a983bccd01fc6a43226810
- SHA1
  
  4785010bc357c06fd4bd0402dd5b5d205dedab32
- SHA256
  
  0f08729e15fe0369d56d293f705e27bdf8ef095b2d7fd36c7c852f9a61b86c00
- SHA512
  
  04f22b3474497919d034096f4930b451cfb23cd218579e8b3514af345b4f360c3f49784218416c3ee58d06d029b4cff46b088dd68bfecf1b31fc214a8ad75498
- SSDEEP
  
  12288:Gy90SEzldUgrwhFTxp8onXRlMoKWR6F918byKMA+oEM9+L:GyVEzldnKFf8kXbMo96F918byrLqM
Score

10^/10

healer redline zgrat dropper evasion infostealer persistence rat trojan
- Detect ZGRat V1
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinezgratdropperevasioninfostealerpersistencerattrojan

© 2018-2025

Terms | Privacy