Extracted

Extracted

• • Target

    6967145694ec1022112b5a471af72c689c48b7f972dc453e2d5da7ee9122f934

  • Size

    850KB

  • MD5

    87b889c1fa3b7ecd8bc932032343fad6

  • SHA1

    a60aeb1dcc699f32bedbcd39ef77b219ffc49a97

  • SHA256

    6967145694ec1022112b5a471af72c689c48b7f972dc453e2d5da7ee9122f934

  • SHA512

    49291c196a661625c4c34aacb713589f74a49280949cb3e3bdf16de111422720faa3ae85adf3007eede1fc33f02cdd1fc14f958c5782b968e0c3dfe6cdca2b21

  • SSDEEP

    24576:zy3Fsnjv2zkMCUf+CNs1fabgOl4lbHy6jTz:G3FsjvohCZC+Bajl4lbvjT

  Score

  10^/10

  healerredlinedizaladadiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1