Extracted

• • Target

    a63829281858f445f40f3ee2ef0a143673ea61da232882ac442b6422a88f54b6

  • Size

    658KB

  • MD5

    fb5bbc1bf21e12a65a4c7e1c619c6cdd

  • SHA1

    c402b0ca6fb8249b97b53922fd5ad905c7810762

  • SHA256

    a63829281858f445f40f3ee2ef0a143673ea61da232882ac442b6422a88f54b6

  • SHA512

    63ad8b041cdb69979017307b29952803209c18a1429b46dc76c5e25066d65f5d0d46c4e905b467827225cb2ba6f51efc5cdfa126bfc76a22a087b3ba88383e44

  • SSDEEP

    12288:iMruy90uCEeYYvzskk/MeaDS6lIg6BF54ztBn2grAgbSjuSW6Sfu2zcN:EybCDVY1/UDSdK721gPZ6SfZzcN

  Score

  10^/10

  healerredlinerostodiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1