Extracted

• • Target

    b4e97b8e3966d99d001126635111c4580f84f6490c94c2b1985288824ce74801

  • Size

    530KB

  • MD5

    ffcc9836a7bb7702604cf7aaab727e1e

  • SHA1

    c605e352705e52c218e979a91660ca3f1b7bada0

  • SHA256

    b4e97b8e3966d99d001126635111c4580f84f6490c94c2b1985288824ce74801

  • SHA512

    b33b1889ef2625e34190154923e3b0faf20f5bf3b7693e01f7a06d7ecb3dabdeefe259bfcc8fa465a1fd7c5ab2549c19723f822427448eccf7c7b031d3dafed7

  • SSDEEP

    12288:QMrfy90xhizLG5jP9z0nkiiBm7q0nEK5p4IE5/qS8wF8vTGh:fyQizLSxUDWAEKEJ5xab4

  Score

  10^/10

  healerredlinerosndiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1