Extracted

• • Target

    bf4474a7b955075ef14a48e2ba631181.exe

  • Size

    538KB

  • MD5

    bf4474a7b955075ef14a48e2ba631181

  • SHA1

    ec69cb6eb45a99d4b3d0d6b276912872e56db4d9

  • SHA256

    39fe03845f04099e7100c0462b899a7846ae32620bdc41599a99a4014bc0d9af

  • SHA512

    53c3b917e24ac11351b5c47e5cd6f5019c6452cd8f2313d257edee764e857e6f17104cef96676ae13e6158f05715832307d64a4734c357ba2853a687b514e4b4

  • SSDEEP

    12288:mP+gHY5z479uqXLp1ikYaAKxuGvykXM6ffvVJ:mb45479ugYaA4uGvykcuT

  Score

  10^/10

  healerredlinekiradropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1behavioral2