healer | 0d49c2d3cf9ae5c0f75d3a33f3bd5ce19228a8f2f6b8711a1dc207dbb1a75baf | Triage

Submit
Reports

Overview

overview

Static

static

3

0d49c2d3cf...af.exe

windows10-2004-x64

Sharing

General

Target

0d49c2d3cf9ae5c0f75d3a33f3bd5ce19228a8f2f6b8711a1dc207dbb1a75baf
Size

1.4MB
Sample

241111-becrmsslbq
MD5

7e4b05999f3157f1d3327cdde61620a5
SHA1

c4ebe871cb835699c8cd59f8182aa5b07ef6d560
SHA256

0d49c2d3cf9ae5c0f75d3a33f3bd5ce19228a8f2f6b8711a1dc207dbb1a75baf
SHA512

cf606c46712af6c25efe0b8b51f19442f1018a56c1b0c6551c40606f28d37d17d3f7075cc948200d2f2012b32685d661294f329c89ff138ce3675baddc67ac72
SSDEEP

24576:rydG19dotlhF9+4osbnMEqRGsPnK/KvzUWLdpim+Q1hw43XLLi/vp3mmz9vG:ew9dq3gt6NqK/WzUWLdJvh3XLM1

Score

10^/10

healer redline mask discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0d49c2d3cf9ae5c0f75d3a33f3bd5ce19228a8f2f6b8711a1dc207dbb1a75baf.exe

Resource

win10v2004-20241007-en

healer redline mask discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

mask

C2

217.196.96.56:4138

Attributes

auth_value
31aef25be0febb8e491794ef7f502c50

Targets

- Target
  
  0d49c2d3cf9ae5c0f75d3a33f3bd5ce19228a8f2f6b8711a1dc207dbb1a75baf
- Size
  
  1.4MB
- MD5
  
  7e4b05999f3157f1d3327cdde61620a5
- SHA1
  
  c4ebe871cb835699c8cd59f8182aa5b07ef6d560
- SHA256
  
  0d49c2d3cf9ae5c0f75d3a33f3bd5ce19228a8f2f6b8711a1dc207dbb1a75baf
- SHA512
  
  cf606c46712af6c25efe0b8b51f19442f1018a56c1b0c6551c40606f28d37d17d3f7075cc948200d2f2012b32685d661294f329c89ff138ce3675baddc67ac72
- SSDEEP
  
  24576:rydG19dotlhF9+4osbnMEqRGsPnK/KvzUWLdpim+Q1hw43XLLi/vp3mmz9vG:ew9dq3gt6NqK/WzUWLdJvh3XLM1
Score

10^/10

healer redline mask discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinemaskdiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy