Extracted

• • Target

    2884368dc2711805b3b3951d26f7d93eabc67077e598511a7826581b6259b2d9

  • Size

    660KB

  • MD5

    f92a37902c78dce66c8db2f962f7b629

  • SHA1

    6b38b87b06acd207b638f36075bb168896900099

  • SHA256

    2884368dc2711805b3b3951d26f7d93eabc67077e598511a7826581b6259b2d9

  • SHA512

    8fd6c6c96c8a8f116660e867e33815016d5d6a374300b2fd3e198f603d0fb6b975629b939ac17b1f50963be71e52f5a7ffe377be0cd80136659e70bb21455085

  • SSDEEP

    12288:fMrgy90D6h/OFpM4+qBlOyfkjn63jftNhmE9IikY0jsSrLiSihaWPWMlT4Ix1:/yL/OFx+BQkjn4ft3mE9WYysS6Sih5Hz

  Score

  10^/10

  healerredlinerosndiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1