Extracted

• • Target

    400f5a766c970b353d7dd079b3cc4bebb312e1c94c336b3d8d1db707606394b8

  • Size

    536KB

  • MD5

    426cb31b0b7f2355457d2cd359993ecb

  • SHA1

    a72c73b8be47193ff1c4633912f64330e0c5b119

  • SHA256

    400f5a766c970b353d7dd079b3cc4bebb312e1c94c336b3d8d1db707606394b8

  • SHA512

    256a61564ea3824655755a4bd81ec8080c006408110e548ee18e3d53105d055558440185432c9978dc0892ae91ce8870c740064a94d8e5cff9af1927bb62e278

  • SSDEEP

    12288:bMrLy90HeS8wyaHdmfYp1N6zM6/WLgb0gky:QyIeS8CUfuN6zWko2

  Score

  10^/10

  healerredlinerosndiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1