Extracted

• • Target

    b78f617b4472c6772007949e17180f6be4b61378758a13d57970a13b6c87d0cb

  • Size

    560KB

  • MD5

    142e0490856521236f99ee06b5a48023

  • SHA1

    46d434be635c20a8504f31f5b5b404945c4c1ae1

  • SHA256

    b78f617b4472c6772007949e17180f6be4b61378758a13d57970a13b6c87d0cb

  • SHA512

    8f1da68fd8b2b89aae7473672ec4337d9c0d21d15824a9916db079a08d4cb172fb5453de1e08cda69983fcc8b326f1cc5dd07588b1e24d88a4dbc7ac22bb166d

  • SSDEEP

    12288:NMr+y90BCNqhw8PmLmYpr/BReUivebcRqnqu5rY/:zyctAr5Yvveb0u5q

  Score

  10^/10

  healerredlinerosndiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1