healer | d5e52815e5c72eb895b608a595389dccc15637549599f0fe2caa42a9cb7f2ae6 | Triage

Submit
Reports

Overview

overview

Static

static

3

d5e52815e5...6N.exe

windows10-2004-x64

Sharing

General

Target

d5e52815e5c72eb895b608a595389dccc15637549599f0fe2caa42a9cb7f2ae6N.exe
Size

516KB
Sample

250216-jcr3jsylfl
MD5

695eae2f10828196fc46414b18653110
SHA1

3e8b7cf84c510f272db2a6951a28a08e9f3ff7a8
SHA256

d5e52815e5c72eb895b608a595389dccc15637549599f0fe2caa42a9cb7f2ae6
SHA512

669987e322a21df48e659344b3e7829e3d0ac674e9019a6de5f13370581c3a01c8cd902235e93562b5130e9373e3da0311ffe9a637e39c57af23d9324fc321d5
SSDEEP

12288:TMrMy90YIVZru66I5mBt16EZksHHEq5LuiZngEz:fyEVZ7HgcERLaEz

Score

10^/10

healer redline dubik defense_evasion discovery dropper evasion infostealer persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d5e52815e5c72eb895b608a595389dccc15637549599f0fe2caa42a9cb7f2ae6N.exe

Resource

win10v2004-20250211-en

healer redline dubik defense_evasion discovery dropper evasion infostealer persistence trojan

windows10-2004-x64

19 signatures

120 seconds

Malware Config

Extracted

Family

redline

Botnet

dubik

C2

193.233.20.17:4139

Attributes

auth_value
05136deb26ad700ca57d43b1de454f46

Targets

- Target
  
  d5e52815e5c72eb895b608a595389dccc15637549599f0fe2caa42a9cb7f2ae6N.exe
- Size
  
  516KB
- MD5
  
  695eae2f10828196fc46414b18653110
- SHA1
  
  3e8b7cf84c510f272db2a6951a28a08e9f3ff7a8
- SHA256
  
  d5e52815e5c72eb895b608a595389dccc15637549599f0fe2caa42a9cb7f2ae6
- SHA512
  
  669987e322a21df48e659344b3e7829e3d0ac674e9019a6de5f13370581c3a01c8cd902235e93562b5130e9373e3da0311ffe9a637e39c57af23d9324fc321d5
- SSDEEP
  
  12288:TMrMy90YIVZru66I5mBt16EZksHHEq5LuiZngEz:fyEVZ7HgcERLaEz
Score

10^/10

healer redline dubik defense_evasion discovery dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Healer family
  healer
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- Modifies Windows Defender Real-time Protection settings
  defense_evasion trojan
- Modifies Windows Defender TamperProtection settings
  evasion trojan
- Modifies Windows Defender notification settings
  defense_evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Downloads MZ/PE file
- Executes dropped EXE
- Windows security modification
  defense_evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

healerredlinedubikdefense_evasiondiscoverydropperevasioninfostealerpersistencetrojan

© 2018-2025

Terms | Privacy