healer | 3fabc9e92c2c1f328d0ea07fd8a9cc93f3f9fb7f8dd5010574561e7f8c1cb063 | Triage

Submit
Reports

Overview

overview

Static

static

3

3fabc9e92c...63.exe

windows10-2004-x64

Sharing

General

Target

3fabc9e92c2c1f328d0ea07fd8a9cc93f3f9fb7f8dd5010574561e7f8c1cb063
Size

674KB
Sample

241104-qxmf5azlcz
MD5

8cc44867975363568ce9b9877c4f5339
SHA1

266676e461dc14a35c5483d7ae78c5fbba59f7e8
SHA256

3fabc9e92c2c1f328d0ea07fd8a9cc93f3f9fb7f8dd5010574561e7f8c1cb063
SHA512

c3768aa06e1e15f2832670ef6b669d0dae8be07bc08af21553d2d63566ed96fbbcebe2f19075f180151ed704ecdd3632bfd5e4b5e276c0cfe32a0ae413554440
SSDEEP

12288:Hy90P2Ksgc4j0ZtJWPCt2liHdKAJowLlu1UEPjzz+BQfeuwadDTt:HyVKsgc4utJWPr6KAyGu1vPjzz4FatTt

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3fabc9e92c2c1f328d0ea07fd8a9cc93f3f9fb7f8dd5010574561e7f8c1cb063.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  3fabc9e92c2c1f328d0ea07fd8a9cc93f3f9fb7f8dd5010574561e7f8c1cb063
- Size
  
  674KB
- MD5
  
  8cc44867975363568ce9b9877c4f5339
- SHA1
  
  266676e461dc14a35c5483d7ae78c5fbba59f7e8
- SHA256
  
  3fabc9e92c2c1f328d0ea07fd8a9cc93f3f9fb7f8dd5010574561e7f8c1cb063
- SHA512
  
  c3768aa06e1e15f2832670ef6b669d0dae8be07bc08af21553d2d63566ed96fbbcebe2f19075f180151ed704ecdd3632bfd5e4b5e276c0cfe32a0ae413554440
- SSDEEP
  
  12288:Hy90P2Ksgc4j0ZtJWPCt2liHdKAJowLlu1UEPjzz+BQfeuwadDTt:HyVKsgc4utJWPr6KAyGu1vPjzz4FatTt
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy