healer | 1f80cd88c7b59d8740ea05e47c0cb9db6c752a127045ee484f8ce151e7bd3abd | Triage

Submit
Reports

Overview

overview

Static

static

3

1f80cd88c7...bd.exe

windows10-2004-x64

Sharing

General

Target

1f80cd88c7b59d8740ea05e47c0cb9db6c752a127045ee484f8ce151e7bd3abd
Size

690KB
Sample

241111-asw7rs1qbm
MD5

7ea2a9210918c1f907d0b7780e2c6cde
SHA1

6bcf0f87c66d795c8d9a3e3e676c6918bcde7882
SHA256

1f80cd88c7b59d8740ea05e47c0cb9db6c752a127045ee484f8ce151e7bd3abd
SHA512

7482e102e94e654bc0022194e2dc238121e194dde4fd2410bd83cf8a678c312a01108b074101139841470f6396f74b9a951036f5f5e9b633d9d004a75c9b9ea2
SSDEEP

12288:+y90cRtUz7vswPdyHki488jOvynF4oHcqS0xDp2vm3a+KYqC:+yJu7vPPdy1SMynFvHcu92v+KC

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1f80cd88c7b59d8740ea05e47c0cb9db6c752a127045ee484f8ce151e7bd3abd.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  1f80cd88c7b59d8740ea05e47c0cb9db6c752a127045ee484f8ce151e7bd3abd
- Size
  
  690KB
- MD5
  
  7ea2a9210918c1f907d0b7780e2c6cde
- SHA1
  
  6bcf0f87c66d795c8d9a3e3e676c6918bcde7882
- SHA256
  
  1f80cd88c7b59d8740ea05e47c0cb9db6c752a127045ee484f8ce151e7bd3abd
- SHA512
  
  7482e102e94e654bc0022194e2dc238121e194dde4fd2410bd83cf8a678c312a01108b074101139841470f6396f74b9a951036f5f5e9b633d9d004a75c9b9ea2
- SSDEEP
  
  12288:+y90cRtUz7vswPdyHki488jOvynF4oHcqS0xDp2vm3a+KYqC:+yJu7vPPdy1SMynFvHcu92v+KC
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy