Extracted

• • Target

    376579ed0150d100c72659f1216604b23f7609fe833e9a8e860672bc1b6534da

  • Size

    560KB

  • MD5

    cd540f81462aa7fddfb687df2e20c03a

  • SHA1

    5439e141e8dcfaf46f524e00f52832ca884683b1

  • SHA256

    376579ed0150d100c72659f1216604b23f7609fe833e9a8e860672bc1b6534da

  • SHA512

    9ab6a831c2c7091b4f1ef65dbc33a0aec753173867d12ff79c1871af4ce172074e69a839e2a07b3035144883a81c5eb3a040b379688fd150f9e079adcc405b77

  • SSDEEP

    12288:GMr6y90apM5p4yOhEslAt2DpUcfEhxJ2ufqUl8NO1o:gybpycEzEEhdSU0

  Score

  10^/10

  healerredlinerosndiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1