healer | 99d705782c003dd051efc01425c3a227c08f2354c805266ecd781b08a1a0d05d | Triage

Submit
Reports

Overview

overview

Static

static

3

99d705782c...5d.exe

windows10-2004-x64

Sharing

General

Target

99d705782c003dd051efc01425c3a227c08f2354c805266ecd781b08a1a0d05d
Size

706KB
Sample

241111-c1d29s1aml
MD5

b333f15f048dcd3718f8ed64168f4b52
SHA1

f382f2cfc1a35e6c3b4a74287e714886acff6e3b
SHA256

99d705782c003dd051efc01425c3a227c08f2354c805266ecd781b08a1a0d05d
SHA512

8407e775be97b6b3c358a353b1cddcace5ab84dc61f786fbc04952a435de4f9ba17cce5d8d7af6d8f51b9c0a033f704b21474a5b6907a1b5d5432894cd7c63a5
SSDEEP

12288:Iy90mTxQIQkT3gLX3njS/m8l5rzEf2N3qO/867/ce84UXmbB:Iy0BkzSXEblFEf2bB3MmN

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

99d705782c003dd051efc01425c3a227c08f2354c805266ecd781b08a1a0d05d.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  99d705782c003dd051efc01425c3a227c08f2354c805266ecd781b08a1a0d05d
- Size
  
  706KB
- MD5
  
  b333f15f048dcd3718f8ed64168f4b52
- SHA1
  
  f382f2cfc1a35e6c3b4a74287e714886acff6e3b
- SHA256
  
  99d705782c003dd051efc01425c3a227c08f2354c805266ecd781b08a1a0d05d
- SHA512
  
  8407e775be97b6b3c358a353b1cddcace5ab84dc61f786fbc04952a435de4f9ba17cce5d8d7af6d8f51b9c0a033f704b21474a5b6907a1b5d5432894cd7c63a5
- SSDEEP
  
  12288:Iy90mTxQIQkT3gLX3njS/m8l5rzEf2N3qO/867/ce84UXmbB:Iy0BkzSXEblFEf2bB3MmN
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy