healer | 70f89fe55f70268a9e119cecc33161af5e061e1710c9be208028b892158507cd | Triage

Submit
Reports

Overview

overview

Static

static

3

70f89fe55f...cd.exe

windows10-2004-x64

Sharing

General

Target

70f89fe55f70268a9e119cecc33161af5e061e1710c9be208028b892158507cd
Size

480KB
Sample

241110-1jqazaypam
MD5

5ce6e20aa098adb23350b51db11aba86
SHA1

30df0defd078a3725707da2bd966b41f86914013
SHA256

70f89fe55f70268a9e119cecc33161af5e061e1710c9be208028b892158507cd
SHA512

2a7be78491529dd90598ea8dfd577380971f678cf33e775ad282fe2ce243eaf196719bbab686cc9343ffebffdad31c3b4dfb70a4c682c3f6b19fa507e5913dd7
SSDEEP

12288:LMrSy90J4zf1r8gRHJxuTcegaICjqE2f70riqdvI:5yo4j1jHJZegKqie6I

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

70f89fe55f70268a9e119cecc33161af5e061e1710c9be208028b892158507cd.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  70f89fe55f70268a9e119cecc33161af5e061e1710c9be208028b892158507cd
- Size
  
  480KB
- MD5
  
  5ce6e20aa098adb23350b51db11aba86
- SHA1
  
  30df0defd078a3725707da2bd966b41f86914013
- SHA256
  
  70f89fe55f70268a9e119cecc33161af5e061e1710c9be208028b892158507cd
- SHA512
  
  2a7be78491529dd90598ea8dfd577380971f678cf33e775ad282fe2ce243eaf196719bbab686cc9343ffebffdad31c3b4dfb70a4c682c3f6b19fa507e5913dd7
- SSDEEP
  
  12288:LMrSy90J4zf1r8gRHJxuTcegaICjqE2f70riqdvI:5yo4j1jHJZegKqie6I
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy