Extracted

Extracted

• • Target

    b5fa545437628da988c0acaf2812778deb03356a0d60096920b5aad7f11fbada

  • Size

    684KB

  • MD5

    66ccb6290b9517973a2536c6a63ce55d

  • SHA1

    13e2c69cd15e558bb1ee6823d17ae0413e492f70

  • SHA256

    b5fa545437628da988c0acaf2812778deb03356a0d60096920b5aad7f11fbada

  • SHA512

    21003194adaad3cc6c6e2e8dfe905455f076d5c31bb861c5c78b037274b5f3085f2ed9fc9c41bfd3ecee273a9e5f326657a49d23f449b0382ab6b8a7542030bc

  • SSDEEP

    12288:+MrVy90UkTFR2AlY3i9k90ye1nj4L27FYSG12LrSQ7f15yEfwJ1OXnqS:3yghxnk90yl2GluXf15y0jXnb

  Score

  10^/10

  healerredlinedizanormdiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1