healer | d0266a6e9d5e4ebdf114c332044507e8db1440706ca20d3957011bb139f04c56 | Triage

Submit
Reports

Overview

overview

Static

static

3

d0266a6e9d...56.exe

windows7-x64

d0266a6e9d...56.exe

windows10-2004-x64

Sharing

General

Target

d0266a6e9d5e4ebdf114c332044507e8db1440706ca20d3957011bb139f04c56
Size

1.2MB
Sample

241111-arx3nsybpk
MD5

2c1094670a6eb473bbe59dbeaa8838d8
SHA1

42bc8e441e7d6a95a70a7f573e2c165e841e9614
SHA256

d0266a6e9d5e4ebdf114c332044507e8db1440706ca20d3957011bb139f04c56
SHA512

c6c9dd80a404bf9372cfb86ee66e6d12826593585c218b66d45b707785977f5b78a6ce7fe4844209e9096e530943ddbda3f1d9443698862fee310e1949e24ab5
SSDEEP

24576:uc9RstFRHwzmMZlFXCTYaOo2QduHmp8tagFhXskm:ucQrSmdcpOdp/gX

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d0266a6e9d5e4ebdf114c332044507e8db1440706ca20d3957011bb139f04c56.exe

Resource

win7-20241010-en

healer redline discovery dropper evasion infostealer persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

d0266a6e9d5e4ebdf114c332044507e8db1440706ca20d3957011bb139f04c56.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  d0266a6e9d5e4ebdf114c332044507e8db1440706ca20d3957011bb139f04c56
- Size
  
  1.2MB
- MD5
  
  2c1094670a6eb473bbe59dbeaa8838d8
- SHA1
  
  42bc8e441e7d6a95a70a7f573e2c165e841e9614
- SHA256
  
  d0266a6e9d5e4ebdf114c332044507e8db1440706ca20d3957011bb139f04c56
- SHA512
  
  c6c9dd80a404bf9372cfb86ee66e6d12826593585c218b66d45b707785977f5b78a6ce7fe4844209e9096e530943ddbda3f1d9443698862fee310e1949e24ab5
- SSDEEP
  
  24576:uc9RstFRHwzmMZlFXCTYaOo2QduHmp8tagFhXskm:ucQrSmdcpOdp/gX
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

behavioral2

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy