healer | 5b5e83267fa8d0f7bd4335620257a8ab42d1e6c1a968ba00ecd6b1651afc5f7c | Triage

Submit
Reports

Overview

overview

Static

static

3

5b5e83267f...cN.exe

windows10-2004-x64

Sharing

General

Target

5b5e83267fa8d0f7bd4335620257a8ab42d1e6c1a968ba00ecd6b1651afc5f7cN.exe
Size

415KB
Sample

241123-b4d11a1jak
MD5

4d1f2b776fcfec9315efc0b09d146870
SHA1

074d5bcf3ff0f7c6747f5e320009434969b2635a
SHA256

5b5e83267fa8d0f7bd4335620257a8ab42d1e6c1a968ba00ecd6b1651afc5f7c
SHA512

8a518cc6b4a6a8979a2818a64fd7b8440c9d9933591702af328871c63e689ce6bfba04b0020d3baf9a5edfe346831e54eda13a57e13ab53d41e7896f5c8d7a91
SSDEEP

6144:1np0yN90QE9wE8wDYYnbTvBTG8JO5cL0Ie0P1+K3x97mY/NYyxVtBTBnN:Qy903bTvBTTt3eq1+lY3N

Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5b5e83267fa8d0f7bd4335620257a8ab42d1e6c1a968ba00ecd6b1651afc5f7cN.exe

Resource

win10v2004-20241007-en

healer redline discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Targets

- Target
  
  5b5e83267fa8d0f7bd4335620257a8ab42d1e6c1a968ba00ecd6b1651afc5f7cN.exe
- Size
  
  415KB
- MD5
  
  4d1f2b776fcfec9315efc0b09d146870
- SHA1
  
  074d5bcf3ff0f7c6747f5e320009434969b2635a
- SHA256
  
  5b5e83267fa8d0f7bd4335620257a8ab42d1e6c1a968ba00ecd6b1651afc5f7c
- SHA512
  
  8a518cc6b4a6a8979a2818a64fd7b8440c9d9933591702af328871c63e689ce6bfba04b0020d3baf9a5edfe346831e54eda13a57e13ab53d41e7896f5c8d7a91
- SSDEEP
  
  6144:1np0yN90QE9wE8wDYYnbTvBTG8JO5cL0Ie0P1+K3x97mY/NYyxVtBTBnN:Qy903bTvBTTt3eq1+lY3N
Score

10^/10

healer redline discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinediscoverydropperevasioninfostealerpersistencetrojan

© 2018-2024

Terms | Privacy