healer | 608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

608312e5a9...d8.exe

windows10-2004-x64

Sharing

General

Target

608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8
Size

491KB
Sample

241104-rqxh7a1gkk
MD5

06c4bd51cbf51954b34d81b43bd144f2
SHA1

e924fad84cc93ea850f632291b7a1692efd391f5
SHA256

608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8
SHA512

4beecaa4ac861556d927ce0fbf9275b2938f0934c6c0c7d93807f88c0878e660bc6e2b864ae6de58b88963b3feaef7da82e51f6507a4b54d84e34ea0335f8edb
SSDEEP

12288:hMryy90tNXA8J+H4kcg1msGSksfQ+Yy2LhROG:bywNm4eIsDkoQ+YUG

Score

10^/10

healer redline lade discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8.exe

Resource

win10v2004-20241007-en

healer redline lade discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

lade

C2

217.196.96.101:4132

Attributes

auth_value
6e597bb53b7858f1eaca3f569cb16e1e

Targets

- Target
  
  608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8
- Size
  
  491KB
- MD5
  
  06c4bd51cbf51954b34d81b43bd144f2
- SHA1
  
  e924fad84cc93ea850f632291b7a1692efd391f5
- SHA256
  
  608312e5a94be37df8805a0729a223eb5cbc5ed9d21225d617129a5cabb031d8
- SHA512
  
  4beecaa4ac861556d927ce0fbf9275b2938f0934c6c0c7d93807f88c0878e660bc6e2b864ae6de58b88963b3feaef7da82e51f6507a4b54d84e34ea0335f8edb
- SSDEEP
  
  12288:hMryy90tNXA8J+H4kcg1msGSksfQ+Yy2LhROG:bywNm4eIsDkoQ+YUG
Score

10^/10

healer redline lade discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlineladediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy