healer | 0762368d2db6fa2da5635303909f6a7ce3b4527a4ba3cc4558908028a6abcda8 | Triage

Submit
Reports

Overview

overview

Static

static

3

0762368d2d...a8.exe

windows10-2004-x64

Sharing

General

Target

0762368d2db6fa2da5635303909f6a7ce3b4527a4ba3cc4558908028a6abcda8
Size

611KB
Sample

241104-qzf25atjaj
MD5

a6bdd82cec6d6e911a7a8cf0b5f36a0c
SHA1

a5b8273513f5e7cdcb0cf58f0aa3d339b9258f11
SHA256

0762368d2db6fa2da5635303909f6a7ce3b4527a4ba3cc4558908028a6abcda8
SHA512

797fa3d9ba5a629c10295299a46f73bb076d99438dd9e3fcd47122dbd101fb3f43dce329e5b8bc065c0126938d44edf69e002daa731ef6bf6128027deb2b9193
SSDEEP

12288:Ay90uQ8EAeayWDxuvyi1VvsMDudRlRd3S0vk8D+EVzS:AyFvEA4HuFH3k83S

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0762368d2db6fa2da5635303909f6a7ce3b4527a4ba3cc4558908028a6abcda8.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  0762368d2db6fa2da5635303909f6a7ce3b4527a4ba3cc4558908028a6abcda8
- Size
  
  611KB
- MD5
  
  a6bdd82cec6d6e911a7a8cf0b5f36a0c
- SHA1
  
  a5b8273513f5e7cdcb0cf58f0aa3d339b9258f11
- SHA256
  
  0762368d2db6fa2da5635303909f6a7ce3b4527a4ba3cc4558908028a6abcda8
- SHA512
  
  797fa3d9ba5a629c10295299a46f73bb076d99438dd9e3fcd47122dbd101fb3f43dce329e5b8bc065c0126938d44edf69e002daa731ef6bf6128027deb2b9193
- SSDEEP
  
  12288:Ay90uQ8EAeayWDxuvyi1VvsMDudRlRd3S0vk8D+EVzS:AyFvEA4HuFH3k83S
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy