Extracted

• • Target

    a445d7cf27e05d5bb253252e36af7616244a27125ddd02a849f56a832022dd71

  • Size

    1011KB

  • MD5

    684458afeac6043c249d1436abdfbcaf

  • SHA1

    c6a1d868e62ab892405cbe6cd5475b81be976997

  • SHA256

    a445d7cf27e05d5bb253252e36af7616244a27125ddd02a849f56a832022dd71

  • SHA512

    219a908a2f739752317b81c6b6b223cd77c5a13f77a2beebc802ef7d892dd9ebaddf6a2e9ce006f6479ca467cb158c80ded6c1387464537e5c7955515c21cf94

  • SSDEEP

    24576:xyGoHHoK+KnkYhtQsX1I6cstS0uvSEmykfHGTc4jz:kGoHIK+H01ncsM0KS5yO+j

  Score

  10^/10

  healerredlinerosndiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1