healer | defbed4d82005e20cf4b58d3fb553217443624b18c7c56067c98cb16f29ce1f3 | Triage

Submit
Reports

Overview

overview

Static

static

3

5525da2fb5...3N.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

5525da2fb5e74d02670c931e2545a5eaa4141a28468c975ec87226c33ac35ef3N.exe
Size

861KB
Sample

241111-t6xj8ssanc
MD5

0c9e9494c3050a2d2a4e75ef171c8ac8
SHA1

d33dd7ef341600adc0a6eec41b087f90ae84248b
SHA256

defbed4d82005e20cf4b58d3fb553217443624b18c7c56067c98cb16f29ce1f3
SHA512

ffd10d7f417ec5b9783b7809939ecf0cb97f75693eaa7faf41168d8e8a14dde7453238e194b39708662295511537a60b685c7f0c14db0d5284fb57bd24c4684c
SSDEEP

12288:cMrDy90MzuRVTgY0LaDV4V0zpwgbsATWsssNXCw2yF0tIQqspHOw7n7DjjD:fyy2GDzSgIAseXCoEn7u6D

Score

10^/10

healer redline mango discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5525da2fb5e74d02670c931e2545a5eaa4141a28468c975ec87226c33ac35ef3N.exe

Resource

win10v2004-20241007-en

healer redline mango discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

auth_value
ecf79d7f5227d998a3501c972d915d23

Targets

- Target
  
  5525da2fb5e74d02670c931e2545a5eaa4141a28468c975ec87226c33ac35ef3N.exe
- Size
  
  861KB
- MD5
  
  0c9e9494c3050a2d2a4e75ef171c8ac8
- SHA1
  
  d33dd7ef341600adc0a6eec41b087f90ae84248b
- SHA256
  
  defbed4d82005e20cf4b58d3fb553217443624b18c7c56067c98cb16f29ce1f3
- SHA512
  
  ffd10d7f417ec5b9783b7809939ecf0cb97f75693eaa7faf41168d8e8a14dde7453238e194b39708662295511537a60b685c7f0c14db0d5284fb57bd24c4684c
- SSDEEP
  
  12288:cMrDy90MzuRVTgY0LaDV4V0zpwgbsATWsssNXCw2yF0tIQqspHOw7n7DjjD:fyy2GDzSgIAseXCoEn7u6D
Score

10^/10

healer redline mango discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinemangodiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy