healer | e080e7be4adb375605dbf6afb8852a1c1df2e7cc868d3386a9a0f95edf355c76 | Triage

Submit
Reports

Overview

overview

Static

static

3

e080e7be4a...76.exe

windows10-2004-x64

Sharing

General

Target

e080e7be4adb375605dbf6afb8852a1c1df2e7cc868d3386a9a0f95edf355c76
Size

828KB
Sample

241110-1kh82svpds
MD5

ae682f98ec5a045dd6c9a0bc21b088ba
SHA1

3877baf0045d6c8d30ea7547c92ed377b943dd0f
SHA256

e080e7be4adb375605dbf6afb8852a1c1df2e7cc868d3386a9a0f95edf355c76
SHA512

c8a88995bf3931b5c244c4e3ef29552c3ad7ec76e6b7eeb46ee89e755f7486724b59f6f0101ef287c0e3a5c83f43dfaa0800e452c76838e3885e90d8be1d55f6
SSDEEP

12288:Yy908w9O9CAW9YZvBp/0GGNfP2TiGdcPn+UGA95ZiDk0V6xEcg58xsdx38etjhpM:YyDwQ9CA4YZvB8Ga6k5ZiDoX4tFa

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e080e7be4adb375605dbf6afb8852a1c1df2e7cc868d3386a9a0f95edf355c76.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  e080e7be4adb375605dbf6afb8852a1c1df2e7cc868d3386a9a0f95edf355c76
- Size
  
  828KB
- MD5
  
  ae682f98ec5a045dd6c9a0bc21b088ba
- SHA1
  
  3877baf0045d6c8d30ea7547c92ed377b943dd0f
- SHA256
  
  e080e7be4adb375605dbf6afb8852a1c1df2e7cc868d3386a9a0f95edf355c76
- SHA512
  
  c8a88995bf3931b5c244c4e3ef29552c3ad7ec76e6b7eeb46ee89e755f7486724b59f6f0101ef287c0e3a5c83f43dfaa0800e452c76838e3885e90d8be1d55f6
- SSDEEP
  
  12288:Yy908w9O9CAW9YZvBp/0GGNfP2TiGdcPn+UGA95ZiDk0V6xEcg58xsdx38etjhpM:YyDwQ9CA4YZvB8Ga6k5ZiDoX4tFa
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy