healer | 9dbf7bcfbf6de0de7f46955d81bf6bc023fa4172be37660a579c3072cebb5b3f | Triage

Submit
Reports

Overview

overview

Static

static

3

9dbf7bcfbf...3f.exe

windows10-2004-x64

Sharing

General

Target

9dbf7bcfbf6de0de7f46955d81bf6bc023fa4172be37660a579c3072cebb5b3f
Size

687KB
Sample

241111-csh19atmfp
MD5

ff0c1feed2b7bbdc476a34ef9d6bccf4
SHA1

6ce2ea70a9cf7b2b29a217f434eba12c66024691
SHA256

9dbf7bcfbf6de0de7f46955d81bf6bc023fa4172be37660a579c3072cebb5b3f
SHA512

c3eb18d0c29b5648a7b640118bda783a49095d54852662ecf8e44169da36ed5c1ef5b9db1b42599c2c3a5d94e7aaac6b59202cac216a45d90b78a440bbb27fbb
SSDEEP

12288:JMrBy90Q4qHWetow65495XSUrIYMi1HBd1mm3lGhHhnm43BFbBb35k:QyWTw395DB3AlJmqZBq

Score

10^/10

healer redline sony discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9dbf7bcfbf6de0de7f46955d81bf6bc023fa4172be37660a579c3072cebb5b3f.exe

Resource

win10v2004-20241007-en

healer redline sony discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

auth_value
1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

- Target
  
  9dbf7bcfbf6de0de7f46955d81bf6bc023fa4172be37660a579c3072cebb5b3f
- Size
  
  687KB
- MD5
  
  ff0c1feed2b7bbdc476a34ef9d6bccf4
- SHA1
  
  6ce2ea70a9cf7b2b29a217f434eba12c66024691
- SHA256
  
  9dbf7bcfbf6de0de7f46955d81bf6bc023fa4172be37660a579c3072cebb5b3f
- SHA512
  
  c3eb18d0c29b5648a7b640118bda783a49095d54852662ecf8e44169da36ed5c1ef5b9db1b42599c2c3a5d94e7aaac6b59202cac216a45d90b78a440bbb27fbb
- SSDEEP
  
  12288:JMrBy90Q4qHWetow65495XSUrIYMi1HBd1mm3lGhHhnm43BFbBb35k:QyWTw395DB3AlJmqZBq
Score

10^/10

healer redline sony discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinesonydiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy