healer | 6dbb4dfc61ef7239f9215f8f9cf3ec2313e94c37833a60d1ab39e20c900c34ce | Triage

Submit
Reports

Overview

overview

Static

static

3

6dbb4dfc61...ce.exe

windows10-2004-x64

Sharing

General

Target

6dbb4dfc61ef7239f9215f8f9cf3ec2313e94c37833a60d1ab39e20c900c34ce
Size

943KB
Sample

241111-cjmm3szepn
MD5

b301fce24bf99cd535d2a72daac7c712
SHA1

f21b257847837ff0c5c1e3ff4417c95c608d788c
SHA256

6dbb4dfc61ef7239f9215f8f9cf3ec2313e94c37833a60d1ab39e20c900c34ce
SHA512

12d099eb304290c3436d98aae39c7decfdfd4298a81d83f300ecf81e21779e716925db829182349ca527d7ce8f1bb988dcabe48cacbc2b5f0e5f8acc3d14e96d
SSDEEP

24576:ayP0UtuKjZJnBu61nvSqHdtg29yKKlTdPz7:hP6CZJnASf9R9yKeJP

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6dbb4dfc61ef7239f9215f8f9cf3ec2313e94c37833a60d1ab39e20c900c34ce.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  6dbb4dfc61ef7239f9215f8f9cf3ec2313e94c37833a60d1ab39e20c900c34ce
- Size
  
  943KB
- MD5
  
  b301fce24bf99cd535d2a72daac7c712
- SHA1
  
  f21b257847837ff0c5c1e3ff4417c95c608d788c
- SHA256
  
  6dbb4dfc61ef7239f9215f8f9cf3ec2313e94c37833a60d1ab39e20c900c34ce
- SHA512
  
  12d099eb304290c3436d98aae39c7decfdfd4298a81d83f300ecf81e21779e716925db829182349ca527d7ce8f1bb988dcabe48cacbc2b5f0e5f8acc3d14e96d
- SSDEEP
  
  24576:ayP0UtuKjZJnBu61nvSqHdtg29yKKlTdPz7:hP6CZJnASf9R9yKeJP
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy