healer | c609341cff15114c10613d1c19a6a2ac8be530b620c8544ff56b712ea9adfc27 | Triage

Submit
Reports

Overview

overview

Static

static

3

c609341cff...27.exe

windows10-2004-x64

Sharing

General

Target

c609341cff15114c10613d1c19a6a2ac8be530b620c8544ff56b712ea9adfc27
Size

478KB
Sample

241111-cn8fcazfpm
MD5

582fada8db6db4125811e30980a9810d
SHA1

444de13097d4b547da1f146d3b6c3214fda6ed36
SHA256

c609341cff15114c10613d1c19a6a2ac8be530b620c8544ff56b712ea9adfc27
SHA512

e02b507f3a8f42853ede5a8d848c773dd321f6ec0df207ce6e02796bf1e158503aa00eedf93558a3da9307762550df30e9ff036b2a3244fb6ead8d878ee97216
SSDEEP

12288:yMrsy90ObFn5B6X5c1u31zTJb8chrTd08:Kydbt2JXdT1Lm8

Score

10^/10

healer redline ditro discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c609341cff15114c10613d1c19a6a2ac8be530b620c8544ff56b712ea9adfc27.exe

Resource

win10v2004-20241007-en

healer redline ditro discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

ditro

C2

217.196.96.101:4132

Attributes

auth_value
8f24ed370a9b24aa28d3d634ea57912e

Targets

- Target
  
  c609341cff15114c10613d1c19a6a2ac8be530b620c8544ff56b712ea9adfc27
- Size
  
  478KB
- MD5
  
  582fada8db6db4125811e30980a9810d
- SHA1
  
  444de13097d4b547da1f146d3b6c3214fda6ed36
- SHA256
  
  c609341cff15114c10613d1c19a6a2ac8be530b620c8544ff56b712ea9adfc27
- SHA512
  
  e02b507f3a8f42853ede5a8d848c773dd321f6ec0df207ce6e02796bf1e158503aa00eedf93558a3da9307762550df30e9ff036b2a3244fb6ead8d878ee97216
- SSDEEP
  
  12288:yMrsy90ObFn5B6X5c1u31zTJb8chrTd08:Kydbt2JXdT1Lm8
Score

10^/10

healer redline ditro discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlineditrodiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy