healer | 9ab1293f3c178dda71edfa3e5e741f50bfba067f1af351de381f4c062f9de779 | Triage

Submit
Reports

Overview

overview

Static

static

3

9ab1293f3c...79.exe

windows10-2004-x64

Sharing

General

Target

9ab1293f3c178dda71edfa3e5e741f50bfba067f1af351de381f4c062f9de779
Size

809KB
Sample

241110-zw8seavemq
MD5

142e67645f87a758e7dd4a247437f35d
SHA1

df389cc5482b46cc0d5e6254256ccf999894d6e3
SHA256

9ab1293f3c178dda71edfa3e5e741f50bfba067f1af351de381f4c062f9de779
SHA512

95902c18e64a3b6ecf1cb8f7e767373797c268dd5c5f49d3f16032cba120071d5eeba28baa6a7632a5a345f2ebbeeb7140388422d230b9fbd728a7d5578e68a9
SSDEEP

24576:qyoMABMKAUKIvHDh3iV2iVlLycLw0fRNu7HM:xoJMKAMvjhO/LnfRNu7H

Score

10^/10

healer redline mango discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9ab1293f3c178dda71edfa3e5e741f50bfba067f1af351de381f4c062f9de779.exe

Resource

win10v2004-20241007-en

healer redline mango discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

auth_value
ecf79d7f5227d998a3501c972d915d23

Targets

- Target
  
  9ab1293f3c178dda71edfa3e5e741f50bfba067f1af351de381f4c062f9de779
- Size
  
  809KB
- MD5
  
  142e67645f87a758e7dd4a247437f35d
- SHA1
  
  df389cc5482b46cc0d5e6254256ccf999894d6e3
- SHA256
  
  9ab1293f3c178dda71edfa3e5e741f50bfba067f1af351de381f4c062f9de779
- SHA512
  
  95902c18e64a3b6ecf1cb8f7e767373797c268dd5c5f49d3f16032cba120071d5eeba28baa6a7632a5a345f2ebbeeb7140388422d230b9fbd728a7d5578e68a9
- SSDEEP
  
  24576:qyoMABMKAUKIvHDh3iV2iVlLycLw0fRNu7HM:xoJMKAMvjhO/LnfRNu7H
Score

10^/10

healer redline mango discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinemangodiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy