healer | 1b337b3646ccbebfb436835649c5c22591d205055046818ae7187aaa6b0467eb | Triage

Submit
Reports

Overview

overview

Static

static

3

1b337b3646...eb.exe

windows10-2004-x64

Sharing

General

Target

1b337b3646ccbebfb436835649c5c22591d205055046818ae7187aaa6b0467eb
Size

558KB
Sample

241110-1de8taynbq
MD5

71500a5a88773cf03f5242de27132626
SHA1

67ac31812655af0c08868ba988df5c193ecb837a
SHA256

1b337b3646ccbebfb436835649c5c22591d205055046818ae7187aaa6b0467eb
SHA512

3a4dfeced16727bae2af4ba59c04e6373736b1a223280241f164f5196e1540b5bda32ee0f15181e98840855a694c6f50513371dfa950709dd974be6b34b0cd61
SSDEEP

12288:Gy90MQD5YaRuyQESpteSzDE/aixJBtRJu65j3qb:GyjQB0fAF7b7N0b

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1b337b3646ccbebfb436835649c5c22591d205055046818ae7187aaa6b0467eb.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  1b337b3646ccbebfb436835649c5c22591d205055046818ae7187aaa6b0467eb
- Size
  
  558KB
- MD5
  
  71500a5a88773cf03f5242de27132626
- SHA1
  
  67ac31812655af0c08868ba988df5c193ecb837a
- SHA256
  
  1b337b3646ccbebfb436835649c5c22591d205055046818ae7187aaa6b0467eb
- SHA512
  
  3a4dfeced16727bae2af4ba59c04e6373736b1a223280241f164f5196e1540b5bda32ee0f15181e98840855a694c6f50513371dfa950709dd974be6b34b0cd61
- SSDEEP
  
  12288:Gy90MQD5YaRuyQESpteSzDE/aixJBtRJu65j3qb:GyjQB0fAF7b7N0b
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy