Extracted

• • Target

    112afe58c85e0c7eba596f549359916a8e631c0616ef7bc4465800d66d884816.exe

  • Size

    556KB

  • MD5

    6a7de74f92fcfc31dab12bbb2a72f88b

  • SHA1

    57f86385bc3e9563c0ca64febc7564b99f7c612c

  • SHA256

    112afe58c85e0c7eba596f549359916a8e631c0616ef7bc4465800d66d884816

  • SHA512

    379b2713501670ca1497c8b5e81f30aaba690811787d85f05fbf35ebcd196c79332bc3527a30744a04d1b0f02a00f0ef9f5eeed6bc6137ae635e1027fc82c7c8

  • SSDEEP

    12288:MMrSy90iNqUPdj2gI5vm1HnCL6pJGjxAxI9grmWD4:+y1PdaN5uS+GjKI9Kr4

  Score

  10^/10

  healerredlinerosndiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1