healer | d690125597a47a80419d3cb431f2a35057c771b7f827b1509e4355e487617b5c | Triage

Submit
Reports

Overview

overview

Static

static

3

d690125597...5c.exe

windows10-2004-x64

Sharing

General

Target

d690125597a47a80419d3cb431f2a35057c771b7f827b1509e4355e487617b5c
Size

564KB
Sample

241110-1z5qlawhle
MD5

116cc52af72433f5b563d90b44ec324a
SHA1

bb675c7ba709d104154ba49faa7cc6e66dd1c1d0
SHA256

d690125597a47a80419d3cb431f2a35057c771b7f827b1509e4355e487617b5c
SHA512

ce57c6b183ba2eab84dd4becc17c6ed9d5935af5f5093f8fb4489aff89af275df9515a3b63b2c148e967d64c264530df1b31896bca9192feb9a2d866731e7099
SSDEEP

12288:My90USJiSo4Wj2x2yjkukIPXzc0fCunMJqPKjL9f4QP8:My48B4XAubDDfC6eqPKjL9P8

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d690125597a47a80419d3cb431f2a35057c771b7f827b1509e4355e487617b5c.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  d690125597a47a80419d3cb431f2a35057c771b7f827b1509e4355e487617b5c
- Size
  
  564KB
- MD5
  
  116cc52af72433f5b563d90b44ec324a
- SHA1
  
  bb675c7ba709d104154ba49faa7cc6e66dd1c1d0
- SHA256
  
  d690125597a47a80419d3cb431f2a35057c771b7f827b1509e4355e487617b5c
- SHA512
  
  ce57c6b183ba2eab84dd4becc17c6ed9d5935af5f5093f8fb4489aff89af275df9515a3b63b2c148e967d64c264530df1b31896bca9192feb9a2d866731e7099
- SSDEEP
  
  12288:My90USJiSo4Wj2x2yjkukIPXzc0fCunMJqPKjL9f4QP8:My48B4XAubDDfC6eqPKjL9P8
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy