healer | ed364a0a5ed2b3d00214914f9bda1f3e393a6b17186b79a9644bfadfb791a950 | Triage

Submit
Reports

Overview

overview

Static

static

3

ed364a0a5e...50.exe

windows10-2004-x64

Sharing

General

Target

ed364a0a5ed2b3d00214914f9bda1f3e393a6b17186b79a9644bfadfb791a950
Size

1.5MB
Sample

250206-hfp7pawlet
MD5

acb49e7150e8de6ad028bf9717999d89
SHA1

877004bd51b35668cb1901976c514ab8a1576cca
SHA256

ed364a0a5ed2b3d00214914f9bda1f3e393a6b17186b79a9644bfadfb791a950
SHA512

c52f57cbc7ca69c7b6048c22fccf85c668f5fc5185c8478935b1596fa1fa669f2be24765049db75211364b68aea19397fd52344989677350bf52f05b1cb1fb27
SSDEEP

24576:nyzcH+z3JwCgyAuIW9VPJe+MvTnfZjD1VduzJ0lnWp+RjPs6JfDnVB6Fw:yzcH8Nnhe+onZhVcF0lWpSPsULnV0

Score

10^/10

healer redline defense_evasion discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ed364a0a5ed2b3d00214914f9bda1f3e393a6b17186b79a9644bfadfb791a950.exe

Resource

win10v2004-20250129-en

healer redline defense_evasion discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  ed364a0a5ed2b3d00214914f9bda1f3e393a6b17186b79a9644bfadfb791a950
- Size
  
  1.5MB
- MD5
  
  acb49e7150e8de6ad028bf9717999d89
- SHA1
  
  877004bd51b35668cb1901976c514ab8a1576cca
- SHA256
  
  ed364a0a5ed2b3d00214914f9bda1f3e393a6b17186b79a9644bfadfb791a950
- SHA512
  
  c52f57cbc7ca69c7b6048c22fccf85c668f5fc5185c8478935b1596fa1fa669f2be24765049db75211364b68aea19397fd52344989677350bf52f05b1cb1fb27
- SSDEEP
  
  24576:nyzcH+z3JwCgyAuIW9VPJe+MvTnfZjD1VduzJ0lnWp+RjPs6JfDnVB6Fw:yzcH8Nnhe+onZhVcF0lWpSPsULnV0
Score

10^/10

healer redline defense_evasion discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Modifies Windows Defender Real-time Protection settings
  defense_evasion trojan
- Modifies Windows Defender TamperProtection settings
  evasion trojan
- Modifies Windows Defender notification settings
  defense_evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Windows security modification
  defense_evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinedefense_evasiondiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy