healer | b846c352bfa28cc9ed2a43e9c414329618c35a7a37a1d83886eba0b72cb6544e | Triage

Submit
Reports

Overview

overview

Static

static

3

b846c352bf...4e.exe

windows10-2004-x64

Sharing

General

Target

b846c352bfa28cc9ed2a43e9c414329618c35a7a37a1d83886eba0b72cb6544e
Size

566KB
Sample

241110-1k6dkswejh
MD5

3dd8a7ba2e673eb3688b0df931c8df73
SHA1

05c40227606da454d0866a54059d0e25832d719f
SHA256

b846c352bfa28cc9ed2a43e9c414329618c35a7a37a1d83886eba0b72cb6544e
SHA512

155142a8d24d2b432f5e228648aa84fde503699550e046a7c66844c825f6403fbdc3447891926b4209d4925b1c6fb595f7c84af5bdd75d9e0cde09feec14fc99
SSDEEP

12288:Dy90DndBEKygGp11xTDYJjJyd+PqDF9mi6ZlxywiYtLDMKS8z5vt4c:Dyo/GR1kns0q59mimlwu/r9t4c

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b846c352bfa28cc9ed2a43e9c414329618c35a7a37a1d83886eba0b72cb6544e.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  b846c352bfa28cc9ed2a43e9c414329618c35a7a37a1d83886eba0b72cb6544e
- Size
  
  566KB
- MD5
  
  3dd8a7ba2e673eb3688b0df931c8df73
- SHA1
  
  05c40227606da454d0866a54059d0e25832d719f
- SHA256
  
  b846c352bfa28cc9ed2a43e9c414329618c35a7a37a1d83886eba0b72cb6544e
- SHA512
  
  155142a8d24d2b432f5e228648aa84fde503699550e046a7c66844c825f6403fbdc3447891926b4209d4925b1c6fb595f7c84af5bdd75d9e0cde09feec14fc99
- SSDEEP
  
  12288:Dy90DndBEKygGp11xTDYJjJyd+PqDF9mi6ZlxywiYtLDMKS8z5vt4c:Dyo/GR1kns0q59mimlwu/r9t4c
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy