Extracted

• • Target

    0961cfb89798532c90d35ce37a1718f108d572c7886da0f4b1d6c777c7673e07

  • Size

    491KB

  • MD5

    1c185b332b3c465c964af971cafee906

  • SHA1

    8a608729025c94664a9925c0aba1fb4479eeb6e9

  • SHA256

    0961cfb89798532c90d35ce37a1718f108d572c7886da0f4b1d6c777c7673e07

  • SHA512

    8f31346b635988db5b6170ce267c0b40b7ef27584cdc7a57f181f2b05b060be5ff97a5533941f0297bd946df8fcad0295f168676e2fe76f99cdbdd85824030c8

  • SSDEEP

    12288:1Mr5y90hhwxAOv0OPzp6Cp4mEonRxsvz:kyuZmU5mxMz

  Score

  10^/10

  healerredlineharesdropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1