healer | 82a1800ccb474d89f73f0be392105bc6c7cbc7890c8176629b40aac9d7e58ac0 | Triage

Submit
Reports

Overview

overview

Static

static

3

82a1800ccb...c0.exe

windows7-x64

82a1800ccb...c0.exe

windows10-2004-x64

Sharing

General

Target

82a1800ccb474d89f73f0be392105bc6c7cbc7890c8176629b40aac9d7e58ac0
Size

1.0MB
Sample

241030-1jffrszqhy
MD5

f37adf558ea4c7dc2b619c77fdb38709
SHA1

3f9d03ab3971aa3595af4b87ad339ea69e5cb0a6
SHA256

82a1800ccb474d89f73f0be392105bc6c7cbc7890c8176629b40aac9d7e58ac0
SHA512

ad8524a02a0f3ff96d472c620c420a72d67788f362d1195b62349f5d2d18bf4f40b4635cfddbf3051185edf5a5ee55ebedffb1dbd9fa81b9bb8d36d51c1471c0
SSDEEP

24576:MRBlpCnS/scHFiubIqtKXQiS8W0n3gtGO3QEM9p8:cIAs0FP3ad3UG7p

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

82a1800ccb474d89f73f0be392105bc6c7cbc7890c8176629b40aac9d7e58ac0.exe

Resource

win7-20241010-en

healer redline discovery dropper evasion infostealer persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

82a1800ccb474d89f73f0be392105bc6c7cbc7890c8176629b40aac9d7e58ac0.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  82a1800ccb474d89f73f0be392105bc6c7cbc7890c8176629b40aac9d7e58ac0
- Size
  
  1.0MB
- MD5
  
  f37adf558ea4c7dc2b619c77fdb38709
- SHA1
  
  3f9d03ab3971aa3595af4b87ad339ea69e5cb0a6
- SHA256
  
  82a1800ccb474d89f73f0be392105bc6c7cbc7890c8176629b40aac9d7e58ac0
- SHA512
  
  ad8524a02a0f3ff96d472c620c420a72d67788f362d1195b62349f5d2d18bf4f40b4635cfddbf3051185edf5a5ee55ebedffb1dbd9fa81b9bb8d36d51c1471c0
- SSDEEP
  
  24576:MRBlpCnS/scHFiubIqtKXQiS8W0n3gtGO3QEM9p8:cIAs0FP3ad3UG7p
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

behavioral2

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy