Extracted

• • Target

    18832191695da3e30a3623b9e06f175ce85370ff0b01d4db3704258a5be28f4c

  • Size

    875KB

  • MD5

    1496c522dda9d03c739e3f922381b9db

  • SHA1

    0fefe0d9d05ce496f118a04a063fec92245e463d

  • SHA256

    18832191695da3e30a3623b9e06f175ce85370ff0b01d4db3704258a5be28f4c

  • SHA512

    939b597b45327584ec8a8cad1203100cb5f036af4fd1e81c2f399c95b6c88f96cb34988cc8b42148d8db3881be6eb89a920cb5d0f721314d7cd087eaef99cc44

  • SSDEEP

    24576:8yaZpm6v00OvpjpIx6aMGc8U0OLCrgI3i4hwcog5dI:rKm6vbOBjtaDlU0YQiIrP

  Score

  10^/10

  healerredlinemangodiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1