healer | 339bb83fbdc2b274975f53180d23ae91341965b029d6d39f30066574e3696a2d | Triage

Submit
Reports

Overview

overview

Static

static

3

339bb83fbd...2d.exe

windows7-x64

339bb83fbd...2d.exe

windows10-2004-x64

Sharing

General

Target

339bb83fbdc2b274975f53180d23ae91341965b029d6d39f30066574e3696a2d
Size

1.1MB
Sample

241111-az539axqgv
MD5

1f5fd6ecce1415f67effb99f34fb3627
SHA1

e6ca2ff6922e9a044b68b8b88eb1a1634cf0781c
SHA256

339bb83fbdc2b274975f53180d23ae91341965b029d6d39f30066574e3696a2d
SHA512

1c3ed3f990021a11c22430b8534153cbde65380fdd5d2c98005f59f07e1075c3283d90d681bc1fb7eece92553c7dff7100ead049ff86ffa111f9fe0a8f667e79
SSDEEP

24576:FypMtpV4x/fy/b8XftHvBZcCTdBACKl3RqyuFpK3qaNecz5tO7yNhVIveS:FyWVk6/b8tH5ZrTxxyMp4VNr5hVge

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

339bb83fbdc2b274975f53180d23ae91341965b029d6d39f30066574e3696a2d.exe

Resource

win7-20240708-en

healer redline discovery dropper evasion infostealer persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

339bb83fbdc2b274975f53180d23ae91341965b029d6d39f30066574e3696a2d.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  339bb83fbdc2b274975f53180d23ae91341965b029d6d39f30066574e3696a2d
- Size
  
  1.1MB
- MD5
  
  1f5fd6ecce1415f67effb99f34fb3627
- SHA1
  
  e6ca2ff6922e9a044b68b8b88eb1a1634cf0781c
- SHA256
  
  339bb83fbdc2b274975f53180d23ae91341965b029d6d39f30066574e3696a2d
- SHA512
  
  1c3ed3f990021a11c22430b8534153cbde65380fdd5d2c98005f59f07e1075c3283d90d681bc1fb7eece92553c7dff7100ead049ff86ffa111f9fe0a8f667e79
- SSDEEP
  
  24576:FypMtpV4x/fy/b8XftHvBZcCTdBACKl3RqyuFpK3qaNecz5tO7yNhVIveS:FyWVk6/b8tH5ZrTxxyMp4VNr5hVge
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

behavioral2

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy