healer | 95a60ca147f9ed3a27f8a519e571fd604d4b97f34dc9b9a89191e305cceb7a16 | Triage

Submit
Reports

Overview

overview

Static

static

3

34e4b463fb...f3.exe

windows7-x64

34e4b463fb...f3.exe

windows10-2004-x64

Sharing

General

Target

95a60ca147f9ed3a27f8a519e571fd604d4b97f34dc9b9a89191e305cceb7a16
Size

1.1MB
Sample

241111-bns5zsylgx
MD5

64334249a8ec45d079e212e9ddeaa267
SHA1

110de98cde3d2a868cfe77a896c6ec57923d97dd
SHA256

95a60ca147f9ed3a27f8a519e571fd604d4b97f34dc9b9a89191e305cceb7a16
SHA512

4a2caf3d2943480aa0354356cab5e0c67603e09e648915506f36e068eb15570c1308248480935150129af1a1539ab6223245e78bfde8354ed149526a238d13a3
SSDEEP

24576:2P4vhsVnJGesMsPDmwx26BQU8VxiozNbPpKx0S3qA/y:bhInUesMsbmwIsyxis9PpqBvq

Score

10^/10

healer redline gena discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

34e4b463fbcd4d449f46db06b94c78d9310f627a979209f01069d3f2aacb0ef3.exe

Resource

win7-20240903-en

healer redline gena discovery dropper evasion infostealer persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

34e4b463fbcd4d449f46db06b94c78d9310f627a979209f01069d3f2aacb0ef3.exe

Resource

win10v2004-20241007-en

healer redline gena discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes

auth_value
93c20961cb6b06b2d5781c212db6201e

Targets

- Target
  
  34e4b463fbcd4d449f46db06b94c78d9310f627a979209f01069d3f2aacb0ef3.exe
- Size
  
  1.2MB
- MD5
  
  c928c4f33501eabb6ddac2b0523f171d
- SHA1
  
  829a35bdb377b60971e59702a5ac50fed1ee9414
- SHA256
  
  34e4b463fbcd4d449f46db06b94c78d9310f627a979209f01069d3f2aacb0ef3
- SHA512
  
  66bea42fcc47ebb39446859272d9df748d583dd349f97b635cfda210080d8916a3985fce9c9d2c8280fd250a079a821679c9b087bb70fe10cb94b31fb487ecb1
- SSDEEP
  
  24576:bogX4PvpDseL3ckNcZQrKxl3fXZ16b4PEPtYn1h7Xn6iZGyF:bdoPLrcepKfBG4PEED7XF
Score

10^/10

healer redline gena discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinegenadiscoverydropperevasioninfostealerpersistencetrojan

behavioral2

healerredlinegenadiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy