healer | 34dd401b8fde76aadeefc1d8999017db39b3aedc5b3c88839edda04da790df08 | Triage

Submit
Reports

Overview

overview

Static

static

3

b07b85dcad...36.exe

windows10-2004-x64

Sharing

General

Target

34dd401b8fde76aadeefc1d8999017db39b3aedc5b3c88839edda04da790df08
Size

427KB
Sample

241111-ccwbmszgpb
MD5

00167d5e77f6d2ba4ca4dbd2cd2b6132
SHA1

31cd3223aebea735a22d3a04a3aedbc505d38cf9
SHA256

34dd401b8fde76aadeefc1d8999017db39b3aedc5b3c88839edda04da790df08
SHA512

86c5cd7eb7cda2d6bab7e93947317684a7b89d6e5d8103530484dda757e38aa5948c8867c354dc4e11c46faea3336964f70a57f44829db1380722193aa9f43a9
SSDEEP

12288:/2jKMhUnaGdMkaZSFES/PqAmTpKes1jnuMFpC0A:hMh3GCkaS3NmTrmDC0A

Score

10^/10

healer redline fukia discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b07b85dcad43a6ec554d4f1c2de7dd67ae73ec34fa2bd295db7dd29ae90f5f36.exe

Resource

win10v2004-20241007-en

healer redline fukia discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

auth_value
e5783636fbd9e4f0cf9a017bce02e67e

Targets

- Target
  
  b07b85dcad43a6ec554d4f1c2de7dd67ae73ec34fa2bd295db7dd29ae90f5f36.exe
- Size
  
  478KB
- MD5
  
  1ee56a32b1338908490778968a08619b
- SHA1
  
  0472337f0b40ae3d4e27f8c2d294ba0920fa63b6
- SHA256
  
  b07b85dcad43a6ec554d4f1c2de7dd67ae73ec34fa2bd295db7dd29ae90f5f36
- SHA512
  
  fbf18f7a00256ee1491e661b876bbce12bcc70bed9c0fd47ac2dfbab18f5afc6f6c6f58d79b8a169aa88bed11571fe8c93dff129b7af7279ffed23c4b12b12e9
- SSDEEP
  
  6144:KZy+bnr+Xp0yN90QEFaM2gBY+iX7Z8L4BghdCEK+XvM7urK0aZiqPH/Jwuak+kMm:bMr7y90faJGYp7Z8L4kLsQ1aZ9X2bnm
Score

10^/10

healer redline fukia discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinefukiadiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy