healer | cddf92f109d0b48b7d7fb3c7a424623be643cb2ae2a3feeb5dbaec0f2de91368 | Triage

Submit
Reports

Overview

overview

Static

static

3

cddf92f109...68.exe

windows10-2004-x64

Sharing

General

Target

cddf92f109d0b48b7d7fb3c7a424623be643cb2ae2a3feeb5dbaec0f2de91368
Size

641KB
Sample

241104-q88thazmhx
MD5

54453cf11175585a3b13ff2658153195
SHA1

ce68bebbaa34c95636e120e438e85b8493fb482e
SHA256

cddf92f109d0b48b7d7fb3c7a424623be643cb2ae2a3feeb5dbaec0f2de91368
SHA512

7b1ad57f6ab9ba0b2f665978745b52d6840f284920f7f449569de414d0005ff45a230bfa1e8a6e92bfe684b7ed9e1db3983b9007113ad5530e605993746355b0
SSDEEP

12288:Oy90ybhCjAH9wDayKZMgYBMVhoP2LSy/rcXIwZ/G94Uo4Zf2:Oy9hCjvNyAM/eAcYwZoZf2

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cddf92f109d0b48b7d7fb3c7a424623be643cb2ae2a3feeb5dbaec0f2de91368.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  cddf92f109d0b48b7d7fb3c7a424623be643cb2ae2a3feeb5dbaec0f2de91368
- Size
  
  641KB
- MD5
  
  54453cf11175585a3b13ff2658153195
- SHA1
  
  ce68bebbaa34c95636e120e438e85b8493fb482e
- SHA256
  
  cddf92f109d0b48b7d7fb3c7a424623be643cb2ae2a3feeb5dbaec0f2de91368
- SHA512
  
  7b1ad57f6ab9ba0b2f665978745b52d6840f284920f7f449569de414d0005ff45a230bfa1e8a6e92bfe684b7ed9e1db3983b9007113ad5530e605993746355b0
- SSDEEP
  
  12288:Oy90ybhCjAH9wDayKZMgYBMVhoP2LSy/rcXIwZ/G94Uo4Zf2:Oy9hCjvNyAM/eAcYwZoZf2
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy