Extracted

• • Target

    b7f104963c2435cc0c0bb2bcaf4039ac8d1b2b11f192ccbb2510f5c0f04ad2fa

  • Size

    402KB

  • MD5

    3e11890c26fe5ac07f01d302e1959547

  • SHA1

    8ba4864dc06021b65f8b479de259facf7cceeff8

  • SHA256

    b7f104963c2435cc0c0bb2bcaf4039ac8d1b2b11f192ccbb2510f5c0f04ad2fa

  • SHA512

    a1d29c791a51ef1688ea9f4580e6a6fac1487598dd668b1622a972fafa7e6d4593fb644e963f7b35e6121e4053b49b95abfc2758fec38bc5257c6f9c11391bdc

  • SSDEEP

    12288:8Mr+y90+qWYdxQxef10ObMYqgUVMLjwXZ++XPlb:ayVpQz0MvA1XP1

  Score

  10^/10

  healerredlinedowndiscoverydropperevasioninfostealerpersistencetrojan

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral1