Extracted

Extracted

• • Target

    1781ddb602a316730559d94109077fd3718e6d208ab0f6888cf259283ce14e73

  • Size

    926KB

  • MD5

    af2b0093e91d0db81808c2f50ac16739

  • SHA1

    d741b98e79078516266d90b86c3489dc2a4f6dde

  • SHA256

    1781ddb602a316730559d94109077fd3718e6d208ab0f6888cf259283ce14e73

  • SHA512

    80133c603b37309dbdc2128d58fa5c07628ef7cde74acf5a01f6d22feb74a3aac13e377b07442d9af0acb7e43a61e3a14049b9f6522e112ef5fa959a6ba0bb90

  • SSDEEP

    24576:UyluDEeJM6RlUbO4IPNojyTqjVD9rkyZXUH:j4DEePuOjl6n5uyp

  Score

  10^/10

  healerredlinedroznormdiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1