healer | b1a2407e10753709ba43705133adfc69e15ef0bdcd4a66a9f688d25ba5c928d4 | Triage

Submit
Reports

Overview

overview

Static

static

3

b1a2407e10...4N.exe

windows10-2004-x64

Sharing

General

Target

b1a2407e10753709ba43705133adfc69e15ef0bdcd4a66a9f688d25ba5c928d4N.exe
Size

609KB
Sample

241119-rhkjnaxfmm
MD5

f52473c5280631638bce401692cf2820
SHA1

5f00458aaad60e44fe48e5e2d44f3e1ac575da89
SHA256

b1a2407e10753709ba43705133adfc69e15ef0bdcd4a66a9f688d25ba5c928d4
SHA512

630ca5a0af6b6ff8ef2ff01e30f68bd87df1a80a21cbeb08fff3379821cfdddbdc5c331db39753412d1a9d21f959669960ba362c9fcfaa8a5bbda37797a1c3b6
SSDEEP

12288:jy907qFEHWlHzm3OHBlbjqn3hiPefcwWAh3Jun61bZJgU7aROa:jy5FEHWlHHbjo3MPuJ+69rgHMa

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b1a2407e10753709ba43705133adfc69e15ef0bdcd4a66a9f688d25ba5c928d4N.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Targets

- Target
  
  b1a2407e10753709ba43705133adfc69e15ef0bdcd4a66a9f688d25ba5c928d4N.exe
- Size
  
  609KB
- MD5
  
  f52473c5280631638bce401692cf2820
- SHA1
  
  5f00458aaad60e44fe48e5e2d44f3e1ac575da89
- SHA256
  
  b1a2407e10753709ba43705133adfc69e15ef0bdcd4a66a9f688d25ba5c928d4
- SHA512
  
  630ca5a0af6b6ff8ef2ff01e30f68bd87df1a80a21cbeb08fff3379821cfdddbdc5c331db39753412d1a9d21f959669960ba362c9fcfaa8a5bbda37797a1c3b6
- SSDEEP
  
  12288:jy907qFEHWlHzm3OHBlbjqn3hiPefcwWAh3Jun61bZJgU7aROa:jy5FEHWlHHbjo3MPuJ+69rgHMa
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy