healer | 4e56c6d715cbcb506babfcb98a4b78002b0703439985ca7273d3aedbc14d1c18 | Triage

Submit
Reports

Overview

overview

Static

static

3

4e56c6d715...18.exe

windows7-x64

4e56c6d715...18.exe

windows10-2004-x64

Sharing

General

Target

4e56c6d715cbcb506babfcb98a4b78002b0703439985ca7273d3aedbc14d1c18
Size

1.0MB
Sample

241111-aaevrs1lgq
MD5

16fe1356bba153c8d4f1cbd5a63c8e4c
SHA1

9a88b9c865f0ffd13c9974b88faa63d8c18c5cdd
SHA256

4e56c6d715cbcb506babfcb98a4b78002b0703439985ca7273d3aedbc14d1c18
SHA512

64bb641ffd573e0572e51d23312df08fabc60ead6377b57aad46a45b9c42ccf39b6ba8585aedfd4d1f3889e7d16a0f4efe23b85c82110e420bd42e9f8be529b7
SSDEEP

24576:FcIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:BmZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4e56c6d715cbcb506babfcb98a4b78002b0703439985ca7273d3aedbc14d1c18.exe

Resource

win7-20240729-en

healer redline discovery dropper evasion infostealer persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

4e56c6d715cbcb506babfcb98a4b78002b0703439985ca7273d3aedbc14d1c18.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  4e56c6d715cbcb506babfcb98a4b78002b0703439985ca7273d3aedbc14d1c18
- Size
  
  1.0MB
- MD5
  
  16fe1356bba153c8d4f1cbd5a63c8e4c
- SHA1
  
  9a88b9c865f0ffd13c9974b88faa63d8c18c5cdd
- SHA256
  
  4e56c6d715cbcb506babfcb98a4b78002b0703439985ca7273d3aedbc14d1c18
- SHA512
  
  64bb641ffd573e0572e51d23312df08fabc60ead6377b57aad46a45b9c42ccf39b6ba8585aedfd4d1f3889e7d16a0f4efe23b85c82110e420bd42e9f8be529b7
- SSDEEP
  
  24576:FcIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:BmZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

behavioral2

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy