Extracted

• • Target

    1636-71-0x00000000004C0000-0x00000000004DE000-memory.dmp

  • Size

    120KB

  • MD5

    065446ffb8a73a2defebe3be84c202db

  • SHA1

    ed519a6732573772702e69aa6ad0583269631e4e

  • SHA256

    dba5b9f67653ff8c6cc85b48eeee51629fd450ed56e63198413bb25c2001e0f1

  • SHA512

    42fd6fbb8679fd36dfacfc2d0fd94a286d2d0a87e668e82eada0c4beb5f637e23c6b1890dae8384d024c0974f9f965eacb961122c838a90b5242c9aa94d3cee0

  • SSDEEP

    1536:Nqs4iqeHlbG6jejoigIH43Ywzi0Zb78ivombfexv0ujXyyed273teulgS6pIl:7/pVYH+zi0ZbYe1g0ujyzdXI

  Score

  10^/10

  redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2