healer | 59c2ee9ba6c43945928fe0432e1f13fd2c1cadd63f913cc1239ae332d2e8419d | Triage

Submit
Reports

Overview

overview

Static

static

3

59c2ee9ba6...9d.exe

windows10-2004-x64

Sharing

General

Target

59c2ee9ba6c43945928fe0432e1f13fd2c1cadd63f913cc1239ae332d2e8419d
Size

551KB
Sample

241122-abldyazpa1
MD5

6f1ceefbae657942229cdd669c431c16
SHA1

13a9e0b6fba1bdc0b83656f72c8d0971f2d410f7
SHA256

59c2ee9ba6c43945928fe0432e1f13fd2c1cadd63f913cc1239ae332d2e8419d
SHA512

b717d2172931bd60acac3fb8556e8acdfca9f88454e508752bff785e027ee59dcfae59e7041d7c124e1710d525dc66288fe24dc7c631efbe2ba7a91ddac6dbef
SSDEEP

12288:Jy900dLGWVEgl24sG2TGv0y9OBoT8IOSfTmQzY3bXHH:JyvLX2gAGf9pfT8bXHH

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

59c2ee9ba6c43945928fe0432e1f13fd2c1cadd63f913cc1239ae332d2e8419d.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  59c2ee9ba6c43945928fe0432e1f13fd2c1cadd63f913cc1239ae332d2e8419d
- Size
  
  551KB
- MD5
  
  6f1ceefbae657942229cdd669c431c16
- SHA1
  
  13a9e0b6fba1bdc0b83656f72c8d0971f2d410f7
- SHA256
  
  59c2ee9ba6c43945928fe0432e1f13fd2c1cadd63f913cc1239ae332d2e8419d
- SHA512
  
  b717d2172931bd60acac3fb8556e8acdfca9f88454e508752bff785e027ee59dcfae59e7041d7c124e1710d525dc66288fe24dc7c631efbe2ba7a91ddac6dbef
- SSDEEP
  
  12288:Jy900dLGWVEgl24sG2TGv0y9OBoT8IOSfTmQzY3bXHH:JyvLX2gAGf9pfT8bXHH
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy