healer | b48ba90faa714a8387b43e098ccf6d72a401152ac4f55e882c79443a5715f67b | Triage

Submit
Reports

Overview

overview

Static

static

3

b48ba90faa...7b.exe

windows10-2004-x64

Sharing

General

Target

b48ba90faa714a8387b43e098ccf6d72a401152ac4f55e882c79443a5715f67b.exe
Size

1.1MB
Sample

241120-cj9gvayern
MD5

0e228ea8e6f9dc1390f1d51d5f0b661e
SHA1

535d61349ffaf8effcfea271a3083c4ec0a135a7
SHA256

b48ba90faa714a8387b43e098ccf6d72a401152ac4f55e882c79443a5715f67b
SHA512

5261fbec095b1f453e23de160148f0413f799c2b50acf12f61bad30b4c9e6e65678b66a9e1738d8b3505f52dbeeb7ecdf4353452ae46530df3a141c5935473aa
SSDEEP

24576:gyrKxOytUAEts2Q/EasZYZXLFWteaHqeuOijEfsSltmw9rWHdhE:nrsftULt/6ExZYZLYMaHqGijEfHtmIEg

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b48ba90faa714a8387b43e098ccf6d72a401152ac4f55e882c79443a5715f67b.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  b48ba90faa714a8387b43e098ccf6d72a401152ac4f55e882c79443a5715f67b.exe
- Size
  
  1.1MB
- MD5
  
  0e228ea8e6f9dc1390f1d51d5f0b661e
- SHA1
  
  535d61349ffaf8effcfea271a3083c4ec0a135a7
- SHA256
  
  b48ba90faa714a8387b43e098ccf6d72a401152ac4f55e882c79443a5715f67b
- SHA512
  
  5261fbec095b1f453e23de160148f0413f799c2b50acf12f61bad30b4c9e6e65678b66a9e1738d8b3505f52dbeeb7ecdf4353452ae46530df3a141c5935473aa
- SSDEEP
  
  24576:gyrKxOytUAEts2Q/EasZYZXLFWteaHqeuOijEfsSltmw9rWHdhE:nrsftULt/6ExZYZLYMaHqGijEfHtmIEg
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy