healer | 466299982a9984517043bb2d025e563c2e85f98d05e99d0bad225625105e7579 | Triage

Submit
Reports

Overview

overview

Static

static

3

466299982a...9N.exe

windows10-2004-x64

Sharing

General

Target

466299982a9984517043bb2d025e563c2e85f98d05e99d0bad225625105e7579N
Size

746KB
Sample

241111-b9gzvazfra
MD5

60fb08489bf0af085b1ad1e4eb09f600
SHA1

f1d12c5ca5ceaccc361b332a61e7959fed239116
SHA256

466299982a9984517043bb2d025e563c2e85f98d05e99d0bad225625105e7579
SHA512

a33cc84622cdb2aeb4b7020e6d763d9866350469baf291e1de39f1953ba0ae2ab42346e2a63b58b50344d64a22e1f7b5ddc0d699f8495a97f66fea757c984f7f
SSDEEP

12288:cy90cfXKcCVwvhD3f9S9uPvyDL4HtZhbEX7UUK5oroyYfpw1X/TUH:cyjfXF3fg9uPvYL4HNbcQ5nvxmG

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

466299982a9984517043bb2d025e563c2e85f98d05e99d0bad225625105e7579N.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Targets

- Target
  
  466299982a9984517043bb2d025e563c2e85f98d05e99d0bad225625105e7579N
- Size
  
  746KB
- MD5
  
  60fb08489bf0af085b1ad1e4eb09f600
- SHA1
  
  f1d12c5ca5ceaccc361b332a61e7959fed239116
- SHA256
  
  466299982a9984517043bb2d025e563c2e85f98d05e99d0bad225625105e7579
- SHA512
  
  a33cc84622cdb2aeb4b7020e6d763d9866350469baf291e1de39f1953ba0ae2ab42346e2a63b58b50344d64a22e1f7b5ddc0d699f8495a97f66fea757c984f7f
- SSDEEP
  
  12288:cy90cfXKcCVwvhD3f9S9uPvyDL4HtZhbEX7UUK5oroyYfpw1X/TUH:cyjfXF3fg9uPvYL4HNbcQ5nvxmG
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy