Extracted

• • Target

    f9ca901fb82dabe4c5036d0b276cdfea.exe

  • Size

    424KB

  • MD5

    f9ca901fb82dabe4c5036d0b276cdfea

  • SHA1

    d5bfc6ff7c6cd0d142ad3f7dfa08451203da92f9

  • SHA256

    be79e1d0618a893153a049271268fac39ca9007bae26ecaeb73df3a455fb90b1

  • SHA512

    9f0877bf1c0c75393f8f50b02c1b483ae636e6ab974fa6072e5061a1b9b274b95b9e5fa26145f07aba6dc823abd94657b5e1255e42c88fcf4b24a55ea1dcd2bb

  • SSDEEP

    12288:6YF8rfffDfffFrnVqpPtogpFJN1HKd6l/r:6YmfffDfffFopPt1FlHKez

  Score

  10^/10

  redlinesectopratchina2023logzdiscoveryinfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2