Extracted

Extracted

• • Target

    7bda36f550427233cf43565fcc9ddbe3d5dc04c9fdaa7eac5b82053dc686e557.exe

  • Size

    916KB

  • MD5

    c9597a24387974618db4668c36b23f09

  • SHA1

    076d01def9c3e356d9e48a326a87950f43922648

  • SHA256

    7bda36f550427233cf43565fcc9ddbe3d5dc04c9fdaa7eac5b82053dc686e557

  • SHA512

    7c7f8820d88ff05eba14733a3e9e8c10377e8896e4bef9f0901446c15d972faab910063c3b5c4f31ea42cee3136a7496cf9531681f2cfb22930673e151b3cb49

  • SSDEEP

    12288:pMrJy90ZYFcv+IOdO4EZ+W7YfOoF6xYZbugh8Vk6jgNnTiWDcier9OPsrvV8L3lq:gy8NOdGZ5cxqM6itKQ3PCU3Ihai

  Score

  10^/10

  healerredlinelinosnormdiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1