Extracted

• • Target

    c64c7b15c097ac6ad81c3385a74056207641af72f622c2e26ed0bb717cdbc604

  • Size

    534KB

  • MD5

    70638821565c907bc1b6ea35a5696dfc

  • SHA1

    edcf13b873d1ab30cd86187d8671cfdda7b28dfc

  • SHA256

    c64c7b15c097ac6ad81c3385a74056207641af72f622c2e26ed0bb717cdbc604

  • SHA512

    852ea94cc95c96b7a9931f42f883923d54d112d6405237e16f0b800f1d8c83733ecd4abfc76df77b0f153a3ac2a22c7874e266bb6b74c8cf95c98cf580bddeff

  • SSDEEP

    12288:SMroy90dGfOoq3BehyfCmXgjzcbOWr8BwdgrRm4:OySGM3BehyfCagjzUOyuwdcB

  Score

  10^/10

  healerredlinerosndiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1