healer | d7a1b4ec019ee95903260b73c23d663d73fdc009af063126f1430db8868efe0f | Triage

Submit
Reports

Overview

overview

Static

static

3

d7a1b4ec01...0f.exe

windows10-2004-x64

Sharing

General

Target

d7a1b4ec019ee95903260b73c23d663d73fdc009af063126f1430db8868efe0f
Size

693KB
Sample

241111-bztwnazapq
MD5

780b8faa978049b3e5e599a21e7e9430
SHA1

6374c46a7b8d8c14bf705d2769341ff366b59c52
SHA256

d7a1b4ec019ee95903260b73c23d663d73fdc009af063126f1430db8868efe0f
SHA512

66caf553a9d1c1e4488c92edc1564c0a447477009e4ff51bcb3efde2b67073a8b20eb3cbe385836cfe52ebd1d5a11ed51d8246bce674c3a02b8395f763e5d7ec
SSDEEP

12288:fy9073NdcAxUwgzpzLhfo7l8jEz7w69HY2apt7n:fyc9HUw2p9iGjs7+2aTz

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d7a1b4ec019ee95903260b73c23d663d73fdc009af063126f1430db8868efe0f.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  d7a1b4ec019ee95903260b73c23d663d73fdc009af063126f1430db8868efe0f
- Size
  
  693KB
- MD5
  
  780b8faa978049b3e5e599a21e7e9430
- SHA1
  
  6374c46a7b8d8c14bf705d2769341ff366b59c52
- SHA256
  
  d7a1b4ec019ee95903260b73c23d663d73fdc009af063126f1430db8868efe0f
- SHA512
  
  66caf553a9d1c1e4488c92edc1564c0a447477009e4ff51bcb3efde2b67073a8b20eb3cbe385836cfe52ebd1d5a11ed51d8246bce674c3a02b8395f763e5d7ec
- SSDEEP
  
  12288:fy9073NdcAxUwgzpzLhfo7l8jEz7w69HY2apt7n:fyc9HUw2p9iGjs7+2aTz
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy