healer | 5d8f05c08885ad33d71ded7787d7a84e9143b82575d0a9902ead5ce83f819a0d | Triage

Submit
Reports

Overview

overview

Static

static

3

5d8f05c088...dN.exe

windows10-2004-x64

Sharing

General

Target

5d8f05c08885ad33d71ded7787d7a84e9143b82575d0a9902ead5ce83f819a0dN.exe
Size

470KB
Sample

241120-fkpqls1dme
MD5

022575a04f9c0c6f88e1d3051e4c1790
SHA1

2bc12741fbc971b6db3dacdb5c7fe4159537d5a7
SHA256

5d8f05c08885ad33d71ded7787d7a84e9143b82575d0a9902ead5ce83f819a0d
SHA512

c112a3bf1dfd9f3374564014fb556fd5c03185112c8d3375dba56105e17fe95f5fb40f2363409ab50d8a06859df4d047b4f680fb33889ee670eb4f03307d593e
SSDEEP

6144:btp0yN90QEbBIUjqWhpdmRFFwdKpeKKXnLfq3baQbayukk17+8GVdxhSOJBk:Uy908UqGPAFzM3Ly3bRPg7+RJs

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5d8f05c08885ad33d71ded7787d7a84e9143b82575d0a9902ead5ce83f819a0dN.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Targets

- Target
  
  5d8f05c08885ad33d71ded7787d7a84e9143b82575d0a9902ead5ce83f819a0dN.exe
- Size
  
  470KB
- MD5
  
  022575a04f9c0c6f88e1d3051e4c1790
- SHA1
  
  2bc12741fbc971b6db3dacdb5c7fe4159537d5a7
- SHA256
  
  5d8f05c08885ad33d71ded7787d7a84e9143b82575d0a9902ead5ce83f819a0d
- SHA512
  
  c112a3bf1dfd9f3374564014fb556fd5c03185112c8d3375dba56105e17fe95f5fb40f2363409ab50d8a06859df4d047b4f680fb33889ee670eb4f03307d593e
- SSDEEP
  
  6144:btp0yN90QEbBIUjqWhpdmRFFwdKpeKKXnLfq3baQbayukk17+8GVdxhSOJBk:Uy908UqGPAFzM3Ly3bRPg7+RJs
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy