Extracted

• • Target

    35b210fed22d9a4d66244695d12dad3d7a79d9023d2512e34984d68eb4a5500c

  • Size

    667KB

  • MD5

    a129e1a4d31e1005e9a998124573f089

  • SHA1

    641f859bae9f9af264c0193777a4620db4ad5f36

  • SHA256

    35b210fed22d9a4d66244695d12dad3d7a79d9023d2512e34984d68eb4a5500c

  • SHA512

    39337790700cb7b54fb00fc8f7088ecbcbcb4126b11c34e20b65c77334a3a55081e9799364150159c05269cca1baec30a29a1d6699e546a053f4ffff7af7f00b

  • SSDEEP

    12288:RMrMy901mIqyGcavqE14FEyMoMLtMk/FBUhttN3b4NQ4v5YY:tyCAtcavirMLthFBwDN3e5D

  Score

  10^/10

  healerredlinerosndiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1