Extracted

• • Target

    x2956276.exe

  • Size

    767KB

  • MD5

    1c6c7a45405df7f0ffa13ba4b0e13cdf

  • SHA1

    a07565f75853d665ba77066708ca389013eec8c1

  • SHA256

    8223ecb59ab7857b5c818e0a2b46f718af34cbfd315ef44aac14abcf7b10eae0

  • SHA512

    12ad25bbb3fbcce8c5aec9bef01691f43d1f323d1f13c479d83e66b7072d8e4fa460fa58df0921cc77b96d84480de075bb17b238c655e3c41b8dcd4b9311894e

  • SSDEEP

    12288:iMrRy90oJfvnDybDtf2MTTXqdvlyFL+LEVEjqjdd39rNdwxe:PyHuDZ1X6lISxqZL/wA

  Score

  10^/10

  healerredlineblackdropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2