healer | 8a630d1ccbd54fe35750a7572d59aee32bd15a4f7cd1bebc8d11ca3803a93322 | Triage

Submit
Reports

Overview

overview

Static

static

3

8a630d1ccb...22.exe

windows10-2004-x64

Sharing

General

Target

8a630d1ccbd54fe35750a7572d59aee32bd15a4f7cd1bebc8d11ca3803a93322
Size

1.5MB
Sample

241110-3fb1aazrak
MD5

15c8aef0569968715cde08fdcf2a5486
SHA1

7d97ea6f1443f6d3446a25a6461d579d03305f8c
SHA256

8a630d1ccbd54fe35750a7572d59aee32bd15a4f7cd1bebc8d11ca3803a93322
SHA512

097ad33602753d2b5de3672bcea0c1d9c2802579553092d030bbc41fd94d1a6a2ecc71442dc5589daa9e195d76e8c05a954252226fc3cf17195fe3937bb4a42b
SSDEEP

24576:DytivQbLcVXVp7Y5m5l24/pxSCLYbRnnTPPPJg53lMKu1JL0T2cGNHL:WYYbQVXb85my4/vSCLgRnTxwMN110TwH

Score

10^/10

healer redline mask discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8a630d1ccbd54fe35750a7572d59aee32bd15a4f7cd1bebc8d11ca3803a93322.exe

Resource

win10v2004-20241007-en

healer redline mask discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

mask

C2

217.196.96.56:4138

Attributes

auth_value
31aef25be0febb8e491794ef7f502c50

Targets

- Target
  
  8a630d1ccbd54fe35750a7572d59aee32bd15a4f7cd1bebc8d11ca3803a93322
- Size
  
  1.5MB
- MD5
  
  15c8aef0569968715cde08fdcf2a5486
- SHA1
  
  7d97ea6f1443f6d3446a25a6461d579d03305f8c
- SHA256
  
  8a630d1ccbd54fe35750a7572d59aee32bd15a4f7cd1bebc8d11ca3803a93322
- SHA512
  
  097ad33602753d2b5de3672bcea0c1d9c2802579553092d030bbc41fd94d1a6a2ecc71442dc5589daa9e195d76e8c05a954252226fc3cf17195fe3937bb4a42b
- SSDEEP
  
  24576:DytivQbLcVXVp7Y5m5l24/pxSCLYbRnnTPPPJg53lMKu1JL0T2cGNHL:WYYbQVXb85my4/vSCLgRnTxwMN110TwH
Score

10^/10

healer redline mask discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinemaskdiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy