healer | 3a6b30f0a1e2da1e021c2b39ffba7bf91e5df8064a31e3a2f1bf13833ca32fda | Triage

Submit
Reports

Overview

overview

Static

static

3

3a6b30f0a1...aN.exe

windows10-2004-x64

Sharing

General

Target

3a6b30f0a1e2da1e021c2b39ffba7bf91e5df8064a31e3a2f1bf13833ca32fdaN
Size

405KB
Sample

241110-3wm3gsxkhz
MD5

448c668de1dbb7df05a4c0b81633c760
SHA1

538791b90796a1f2ed0eb6879f80919391f19021
SHA256

3a6b30f0a1e2da1e021c2b39ffba7bf91e5df8064a31e3a2f1bf13833ca32fda
SHA512

d763b9d8ced2233510ce074a365c2f5496e51656ce633a17a4c000755c891262d51d389319707b7013bcaf2883490ce51aa7106f79815fcb566c0b6627cf56ee
SSDEEP

6144:KIy+bnr+pp0yN90QELT2fz2UunZzFBkd7OCvstsJiptFym3MMykOQtoTij2W:UMrhy90aAFFO5nkSye6Zymou

Score

10^/10

healer redline stek discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3a6b30f0a1e2da1e021c2b39ffba7bf91e5df8064a31e3a2f1bf13833ca32fdaN.exe

Resource

win10v2004-20241007-en

healer redline stek discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

stek

C2

melevv.eu:4162

Attributes

auth_value
4205381daf6946b2df5fe3bc7eacc918

Targets

- Target
  
  3a6b30f0a1e2da1e021c2b39ffba7bf91e5df8064a31e3a2f1bf13833ca32fdaN
- Size
  
  405KB
- MD5
  
  448c668de1dbb7df05a4c0b81633c760
- SHA1
  
  538791b90796a1f2ed0eb6879f80919391f19021
- SHA256
  
  3a6b30f0a1e2da1e021c2b39ffba7bf91e5df8064a31e3a2f1bf13833ca32fda
- SHA512
  
  d763b9d8ced2233510ce074a365c2f5496e51656ce633a17a4c000755c891262d51d389319707b7013bcaf2883490ce51aa7106f79815fcb566c0b6627cf56ee
- SSDEEP
  
  6144:KIy+bnr+pp0yN90QELT2fz2UunZzFBkd7OCvstsJiptFym3MMykOQtoTij2W:UMrhy90aAFFO5nkSye6Zymou
Score

10^/10

healer redline stek discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinestekdiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy