healer | 6ffb73495d5f0c6f895c4426ac7213abc94e5fae8e25ecd70fa4c832248fd57e | Triage

Submit
Reports

Overview

overview

Static

static

3

6ffb73495d...7e.exe

windows10-2004-x64

Sharing

General

Target

6ffb73495d5f0c6f895c4426ac7213abc94e5fae8e25ecd70fa4c832248fd57e
Size

470KB
Sample

241108-ghp42axalc
MD5

8c589b51e4bdf2b074335e3ce966b204
SHA1

c622ac190128802b199dfa9a26c8fda3f4eb635f
SHA256

6ffb73495d5f0c6f895c4426ac7213abc94e5fae8e25ecd70fa4c832248fd57e
SHA512

b19e8a6e423167d43fee78439a00b23db4f739eea9bc39371c0e7801593377b8ba786ad105300263ebe3ce1b3c8b926f61f108e36a8b228da5fc24daf7457360
SSDEEP

12288:0MrIy90j/RuZBnwKwk5GgPBjHyNbSGWxl+PwTUof0:EyukTnw3HgHGa+PcUos

Score

10^/10

healer redline fukia discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6ffb73495d5f0c6f895c4426ac7213abc94e5fae8e25ecd70fa4c832248fd57e.exe

Resource

win10v2004-20241007-en

healer redline fukia discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

auth_value
e5783636fbd9e4f0cf9a017bce02e67e

Targets

- Target
  
  6ffb73495d5f0c6f895c4426ac7213abc94e5fae8e25ecd70fa4c832248fd57e
- Size
  
  470KB
- MD5
  
  8c589b51e4bdf2b074335e3ce966b204
- SHA1
  
  c622ac190128802b199dfa9a26c8fda3f4eb635f
- SHA256
  
  6ffb73495d5f0c6f895c4426ac7213abc94e5fae8e25ecd70fa4c832248fd57e
- SHA512
  
  b19e8a6e423167d43fee78439a00b23db4f739eea9bc39371c0e7801593377b8ba786ad105300263ebe3ce1b3c8b926f61f108e36a8b228da5fc24daf7457360
- SSDEEP
  
  12288:0MrIy90j/RuZBnwKwk5GgPBjHyNbSGWxl+PwTUof0:EyukTnw3HgHGa+PcUos
Score

10^/10

healer redline fukia discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinefukiadiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy