Extracted

• • Target

    5df6164a520938f9ffd7e67a5fa527389a6ca6bbdd87f2f4d5a8be6a14128ffb.exe

  • Size

    482KB

  • MD5

    81e90735a303f429a0ff80a71862b983

  • SHA1

    2992dff16a13d7b39867e3a2bbb538b9a6690877

  • SHA256

    5df6164a520938f9ffd7e67a5fa527389a6ca6bbdd87f2f4d5a8be6a14128ffb

  • SHA512

    13b548492ff13f4e7d3a2b3aea40392bc3b3e6f8857c130ec444caa5b01bbbb545089f55e6d674da2bfdfa45b3b05176f06f9668df9911f62eb24663815cd6cb

  • SSDEEP

    12288:NkntfZCYTdq3YOTLU56paixZ0zWJPEJLm4tFT4:4FZrT0ZA6paZSG911

  Score

  10^/10

  redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2