Extracted

• • Target

    2176cc9b762edfbd24d4b662a4900a9d856a60a607d20a45b5fda26a6a037b13

  • Size

    500KB

  • MD5

    b95bee2ff5df9ded04b10c6a3a4c90a2

  • SHA1

    1ddd76d2f65d95d8eea75426dc980816de865c8b

  • SHA256

    2176cc9b762edfbd24d4b662a4900a9d856a60a607d20a45b5fda26a6a037b13

  • SHA512

    ebd2ad8587aa5c3b86fa58e54ff00c858596a5daab3dc72f0699fa8a0d2902887f7854f75d95e7826332d0304d4c18c2eabff22cd39c1c1b28f77092e4f59489

  • SSDEEP

    6144:K/y+bnr+Dp0yN90QEzAM6NpOKKbKcIYRj0gLzhDQKwLgow168GXz7/q0QTrlzUZ6:hMr/y90Ri5KbRjxZk4S8G/S3C6JhcWX

  Score

  10^/10

  healerredlinefukiadiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1