Extracted

• • Target

    a026766f423af3b3e0cdc4e79eca3380c421fc0f2bc78a4335b5497deb9e598f

  • Size

    689KB

  • MD5

    190ab995e582da87e0e0752c3d973b24

  • SHA1

    be56b18b3e12a889d16aba5a96b8806c949994ea

  • SHA256

    a026766f423af3b3e0cdc4e79eca3380c421fc0f2bc78a4335b5497deb9e598f

  • SHA512

    01caa3ff93882a80a8eeb7653361b2d435af70f6b716e0dff9f7988273c20cd03127376c445cb932f8bec31976f591b301fd574aaa84c8293076a6e3dee5f53b

  • SSDEEP

    12288:NMr0y90ilvz4WXjgMvmtVzzGqIiVVmOTSxniygaGkQVEq843x9YMSKblPRugA:NyRlv0WXcMvmtoum/xniHHZ84h2Mf5JO

  Score

  10^/10

  healerredlineborisdiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1