healer | 657ae973e61a5a19cb3b9509f7b58d78e6ea4a5290488587bf3e6eb9ee0a5d53 | Triage

Submit
Reports

Overview

overview

Static

static

3

657ae973e6...53.exe

windows10-2004-x64

Sharing

General

Target

657ae973e61a5a19cb3b9509f7b58d78e6ea4a5290488587bf3e6eb9ee0a5d53
Size

563KB
Sample

241104-rc2kzsznfx
MD5

797aa68c35d38a9bbf70d0aa3c7bcd9c
SHA1

3c0a6b50b4b30640a7bb8d7e9685534937e6d24f
SHA256

657ae973e61a5a19cb3b9509f7b58d78e6ea4a5290488587bf3e6eb9ee0a5d53
SHA512

00a03f933ab0b3219f683ea0e3d423fbfe6fa0bc5cea41a247a78b4b2d2146dc6eec31d353fcb10eda4d8d91d3b40e9b15dcaba2d3bf73c773887f8f0c369048
SSDEEP

12288:/y90/9XRok3hLhzUNIqnjLpREftppu40reeabWBhHUk:/ym9X3xWNIotREf/pQxsW0k

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

657ae973e61a5a19cb3b9509f7b58d78e6ea4a5290488587bf3e6eb9ee0a5d53.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  657ae973e61a5a19cb3b9509f7b58d78e6ea4a5290488587bf3e6eb9ee0a5d53
- Size
  
  563KB
- MD5
  
  797aa68c35d38a9bbf70d0aa3c7bcd9c
- SHA1
  
  3c0a6b50b4b30640a7bb8d7e9685534937e6d24f
- SHA256
  
  657ae973e61a5a19cb3b9509f7b58d78e6ea4a5290488587bf3e6eb9ee0a5d53
- SHA512
  
  00a03f933ab0b3219f683ea0e3d423fbfe6fa0bc5cea41a247a78b4b2d2146dc6eec31d353fcb10eda4d8d91d3b40e9b15dcaba2d3bf73c773887f8f0c369048
- SSDEEP
  
  12288:/y90/9XRok3hLhzUNIqnjLpREftppu40reeabWBhHUk:/ym9X3xWNIotREf/pQxsW0k
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy