healer | 2c6d2d003a009f9a0bd913dc4873f98788e4081a16cc409fb32e07748f7d2916 | Triage

Submit
Reports

Overview

overview

Static

static

3

491591a7ee...ee.exe

windows10-2004-x64

Sharing

General

Target

2c6d2d003a009f9a0bd913dc4873f98788e4081a16cc409fb32e07748f7d2916
Size

1018KB
Sample

241111-k435kaxbll
MD5

ac28b0065a65d33593c2b84f45bc465f
SHA1

049ef5d931e7cf958f4b716f06e0752a0a3ae79f
SHA256

2c6d2d003a009f9a0bd913dc4873f98788e4081a16cc409fb32e07748f7d2916
SHA512

564abec11568960259161d905c8bfb69e467de675115c2028fddfcdbc947a4d8df65397dfb1c6d41e55b6e239322216c828307fb564827271149df35a59fff10
SSDEEP

24576:zpkn454POUyAvVkkBFE71v/e/Lc7iLl1yC:zpkn46m2LQ7I/GAzx

Score

10^/10

healer redline droz norm discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

491591a7ee17ecc82de39bee1090087b0d9e5d1aca2164368b056a5ac936aeee.exe

Resource

win10v2004-20241007-en

healer redline droz norm discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes

auth_value
1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

droz

C2

77.91.124.145:4125

Attributes

auth_value
d099adf6dbf6ccb8e16967104280634a

Targets

- Target
  
  491591a7ee17ecc82de39bee1090087b0d9e5d1aca2164368b056a5ac936aeee.exe
- Size
  
  1.0MB
- MD5
  
  b6fdcf0e43d16a2f0232418e21952e36
- SHA1
  
  fef27b4e70a98b0036a41b06dee2adeab7e1b77c
- SHA256
  
  491591a7ee17ecc82de39bee1090087b0d9e5d1aca2164368b056a5ac936aeee
- SHA512
  
  7951231ac9952e0373483a2020c75af1809d55b0abef5a874cdd44123c80f92a5c2a8f3aee48b4c70b05e269dfd833d764c2c16f539625a5309100b0505f69bf
- SSDEEP
  
  24576:iyqCIYsZfI26RwJcew+raXX79bcrNVxlBQPFnoS:JqLY0UZIyXJbcrZlWFn
Score

10^/10

healer redline droz norm discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinedroznormdiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy