Extracted

• • Target

    1bba59f4860f9530a9969bd214863f1859f0d4f7189e2532399354c80a8f9256

  • Size

    562KB

  • MD5

    40f7f214c47f8ab5964fc020310df86c

  • SHA1

    6d6d561d7fe722f31082f0020ccf781c6b8a1576

  • SHA256

    1bba59f4860f9530a9969bd214863f1859f0d4f7189e2532399354c80a8f9256

  • SHA512

    af4ea4f2806de0c404acb64f657af492a5cbc29b4a371a6e82088a43d2c6bd1cec49581012f16a286cf4ed48cc76cf5ef8aa8b0d53fbcb87ea76d5fd4ec8b8a3

  • SSDEEP

    12288:tMrIy90kB+bI36OA+F68Lf7ozlNfglBoOBNr3jT+B1u:Nyn07GDLzovfioOjDjSy

  Score

  10^/10

  healerredlineborisdiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1