healer | 30e2deda450cb395e18a5f16cdc96a9b7ee4469b98ceafd65587ad6807c2d4d5 | Triage

Submit
Reports

Overview

overview

Static

static

3

30e2deda45...d5.exe

windows10-2004-x64

Sharing

General

Target

30e2deda450cb395e18a5f16cdc96a9b7ee4469b98ceafd65587ad6807c2d4d5.exe
Size

610KB
Sample

241118-rsplcsyerr
MD5

2a94bc63f69140ba9d248704616306bd
SHA1

63cfbd7a2367f6b98f8f4cb98cfb52aa8ffa3c4a
SHA256

30e2deda450cb395e18a5f16cdc96a9b7ee4469b98ceafd65587ad6807c2d4d5
SHA512

1080062be29296296f081616e1b4f57d6f065baa4a8f868e016df7b419e13f32358c959821ca69dfd69348eda63a0ee731a91c2d6ffddd7ac383d2401c5f43f5
SSDEEP

12288:Jy90c6k/YvOboajMsaiRzhkdkG2rgIXYiIRbRxo3K9ZDmOCSELA:JySOBb7kdkG5/RbRxeK9ZDOA

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

30e2deda450cb395e18a5f16cdc96a9b7ee4469b98ceafd65587ad6807c2d4d5.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Targets

- Target
  
  30e2deda450cb395e18a5f16cdc96a9b7ee4469b98ceafd65587ad6807c2d4d5.exe
- Size
  
  610KB
- MD5
  
  2a94bc63f69140ba9d248704616306bd
- SHA1
  
  63cfbd7a2367f6b98f8f4cb98cfb52aa8ffa3c4a
- SHA256
  
  30e2deda450cb395e18a5f16cdc96a9b7ee4469b98ceafd65587ad6807c2d4d5
- SHA512
  
  1080062be29296296f081616e1b4f57d6f065baa4a8f868e016df7b419e13f32358c959821ca69dfd69348eda63a0ee731a91c2d6ffddd7ac383d2401c5f43f5
- SSDEEP
  
  12288:Jy90c6k/YvOboajMsaiRzhkdkG2rgIXYiIRbRxo3K9ZDmOCSELA:JySOBb7kdkG5/RbRxeK9ZDOA
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy