healer | d548a11e7e2c4a2afbc8f6e13e35d75fa7444c20740a4ea6d37a9dcf8bc9fd2d | Triage

Submit
Reports

Overview

overview

Static

static

3

d548a11e7e...2d.exe

windows10-2004-x64

Sharing

General

Target

d548a11e7e2c4a2afbc8f6e13e35d75fa7444c20740a4ea6d37a9dcf8bc9fd2d.exe
Size

1.2MB
Sample

241119-gfdyzswlen
MD5

d51f44355e1887c6c76515ec4418ad8a
SHA1

bbf8e10298a17fff9d31229a2dac5eb9be65ae40
SHA256

d548a11e7e2c4a2afbc8f6e13e35d75fa7444c20740a4ea6d37a9dcf8bc9fd2d
SHA512

7b9adb06c087e431d7f158317352953351b3c2a6dd18a8dc92a6494773c8b85255e635e3a941420bb805af5393413b130be3b9ea7b511644343d6bf87d52df9b
SSDEEP

24576:Jy/PlVhzVananoxlRVv1LREdo+hlhvTjNCRhS2NS3JCOa5:8/HaaslRwtIN+UOY

Score

10^/10

healer redline dirx soft discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d548a11e7e2c4a2afbc8f6e13e35d75fa7444c20740a4ea6d37a9dcf8bc9fd2d.exe

Resource

win10v2004-20241007-en

healer redline dirx soft discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

soft

C2

77.91.124.146:4121

Attributes

auth_value
e65663e455bca3c5699650b66e76ceaa

Extracted

Family

redline

Botnet

dirx

C2

77.91.124.146:4121

Attributes

auth_value
522d988f763be056e53e089f74d464cc

Targets

- Target
  
  d548a11e7e2c4a2afbc8f6e13e35d75fa7444c20740a4ea6d37a9dcf8bc9fd2d.exe
- Size
  
  1.2MB
- MD5
  
  d51f44355e1887c6c76515ec4418ad8a
- SHA1
  
  bbf8e10298a17fff9d31229a2dac5eb9be65ae40
- SHA256
  
  d548a11e7e2c4a2afbc8f6e13e35d75fa7444c20740a4ea6d37a9dcf8bc9fd2d
- SHA512
  
  7b9adb06c087e431d7f158317352953351b3c2a6dd18a8dc92a6494773c8b85255e635e3a941420bb805af5393413b130be3b9ea7b511644343d6bf87d52df9b
- SSDEEP
  
  24576:Jy/PlVhzVananoxlRVv1LREdo+hlhvTjNCRhS2NS3JCOa5:8/HaaslRwtIN+UOY
Score

10^/10

healer redline dirx soft discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinedirxsoftdiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy