Extracted

• • Target

    57a6076217008f4b1eafbca6dd2187906745b585978d2bb34b5ac2eada56be6f

  • Size

    894KB

  • MD5

    bd58af96d1d1952f5a265f0bb7012672

  • SHA1

    db9d171b67b71b47f183f4d30a0180da10f76478

  • SHA256

    57a6076217008f4b1eafbca6dd2187906745b585978d2bb34b5ac2eada56be6f

  • SHA512

    195e1c514cdfe29a115a7f93351af25b0c1a14e7dfce9e88a6f3913c28b846176e72db6b8075cbcf63019cd987550e6ec059ed99281ed076ebe6dc3700da0733

  • SSDEEP

    12288:NMrry90it1O757+HvUwen7falrfDYiQPpwLJl0YLddIXDZHFC55daXiR/lS0wapS:Oyzt1Ox+mnjalrfD7QBOJl0eatElSpj

  Score

  10^/10

  healerredlinemangodiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1