healer | eaaca63171fb76bd2ac8f2105e363c215baebba7b275cee61096464f3cbdc156 | Triage

Submit
Reports

Overview

overview

Static

static

3

eaaca63171...56.exe

windows7-x64

eaaca63171...56.exe

windows10-2004-x64

Sharing

General

Target

eaaca63171fb76bd2ac8f2105e363c215baebba7b275cee61096464f3cbdc156
Size

1.2MB
Sample

241111-bqklmaymbs
MD5

22804dc7b9d8f3d88fb2c8d6783ce62a
SHA1

90d70b542ef097627809a45128573c81a011e041
SHA256

eaaca63171fb76bd2ac8f2105e363c215baebba7b275cee61096464f3cbdc156
SHA512

8b401450d55d29563ac24e8eeb5324f0cf7eb1b2dd7006f8c11e44db3d580153dac039123e4a76d38a7451b3a1b7c27c913b4f288da21e692139a9d5d055a04e
SSDEEP

24576:50zwEbpelsnjkyfxpcP7kJxnSnF83PRiGBgy3rIgBQzbypT6bg6gO:50zNUYjkCcPoJgK3ss+y4bN

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

eaaca63171fb76bd2ac8f2105e363c215baebba7b275cee61096464f3cbdc156.exe

Resource

win7-20240903-en

healer redline discovery dropper evasion infostealer persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

eaaca63171fb76bd2ac8f2105e363c215baebba7b275cee61096464f3cbdc156.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  eaaca63171fb76bd2ac8f2105e363c215baebba7b275cee61096464f3cbdc156
- Size
  
  1.2MB
- MD5
  
  22804dc7b9d8f3d88fb2c8d6783ce62a
- SHA1
  
  90d70b542ef097627809a45128573c81a011e041
- SHA256
  
  eaaca63171fb76bd2ac8f2105e363c215baebba7b275cee61096464f3cbdc156
- SHA512
  
  8b401450d55d29563ac24e8eeb5324f0cf7eb1b2dd7006f8c11e44db3d580153dac039123e4a76d38a7451b3a1b7c27c913b4f288da21e692139a9d5d055a04e
- SSDEEP
  
  24576:50zwEbpelsnjkyfxpcP7kJxnSnF83PRiGBgy3rIgBQzbypT6bg6gO:50zNUYjkCcPoJgK3ss+y4bN
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

behavioral2

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy