Extracted

Extracted

• • Target

    file

  • Size

    1.3MB

  • MD5

    ba9fe6ef94fe7823b804a68264e901f9

  • SHA1

    872d452bbba5d325bf4fd8d1579be007c969ccbc

  • SHA256

    659f0f9e427722eab6a23d86da26aad8776993035e00bae97a8e41f5c937e386

  • SHA512

    a25b1a243473e67149fd34b336003a7fa167b53b74e29e32ded6330756b8c4950210145e4cbf40a154d349eccc24441eb26681081c8a5e09de6d02f0be3a4867

  • SSDEEP

    24576:iyqdhcP1YfDz/qEUJjOg7r8VTLSwKC+WHib3GJsuqC:JqdhcWbzCEUpOg7r8F+a+W+3

  Score

  10^/10

  healerdropperevasionpersistencetrojanredlinesmokeloadertrushbackdoorinfostealer

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2