healer | d43b02c153a6971ef361f6a6875aa24761c3a193cd406ba895b103cbe3d6fe33 | Triage

Submit
Reports

Overview

overview

Static

static

3

d43b02c153...33.exe

windows10-2004-x64

Sharing

General

Target

d43b02c153a6971ef361f6a6875aa24761c3a193cd406ba895b103cbe3d6fe33
Size

701KB
Sample

241110-zzj88awajd
MD5

91b655ba8e3d7c02a0e42da71d9330e4
SHA1

d5849543eb25043d42424d5582704ab2c6f5344f
SHA256

d43b02c153a6971ef361f6a6875aa24761c3a193cd406ba895b103cbe3d6fe33
SHA512

27214deb4c71378cba842bda4b843b4c9ed24e0a62e0f52b510566d68a2c866971c515a04b834366907c5a514ab97316829d7742fb0310ad1b8090d7ed6f9097
SSDEEP

12288:0y90pH91mSQqo0vOi+kbuouslkRi6xASyghk9EG21o9wx6N0h0SeNKBFs+wm:0y8kqoAh61zkyGRwU67dBFHwm

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d43b02c153a6971ef361f6a6875aa24761c3a193cd406ba895b103cbe3d6fe33.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  d43b02c153a6971ef361f6a6875aa24761c3a193cd406ba895b103cbe3d6fe33
- Size
  
  701KB
- MD5
  
  91b655ba8e3d7c02a0e42da71d9330e4
- SHA1
  
  d5849543eb25043d42424d5582704ab2c6f5344f
- SHA256
  
  d43b02c153a6971ef361f6a6875aa24761c3a193cd406ba895b103cbe3d6fe33
- SHA512
  
  27214deb4c71378cba842bda4b843b4c9ed24e0a62e0f52b510566d68a2c866971c515a04b834366907c5a514ab97316829d7742fb0310ad1b8090d7ed6f9097
- SSDEEP
  
  12288:0y90pH91mSQqo0vOi+kbuouslkRi6xASyghk9EG21o9wx6N0h0SeNKBFs+wm:0y8kqoAh61zkyGRwU67dBFHwm
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy