General

  • Target

    67b2831582cad6753246c71526bee8bdf29e3150d8dd5ec59a2d376c53493929

  • Size

    1001KB

  • Sample

    231013-yvqd1afg71

  • MD5

    e0ce28aad08a3286e1832c9677049bbb

  • SHA1

    47f698c96e736f3fe46e89ff19031563e793234d

  • SHA256

    67b2831582cad6753246c71526bee8bdf29e3150d8dd5ec59a2d376c53493929

  • SHA512

    8380a939858365c178eb6c1b13f4f6c7af078271b9fe425ed3a284031de383252d8306486b47aeff35ab10c2d70e20babe9f75d9fd781846ca9abd61784b6197

  • SSDEEP

    24576:bTbBv5rUNt/Hl0t/pLVp5Qy/W1WCoxMIFf6MV:FBetvetxLVp5QQ8hKMIFyMV

Malware Config

Extracted

  • Family

    redline

  • Botnet

    cheat

  • C2

    142.11.240.191:35361

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks