Extracted

• • Target

    085b11ab52a6865e3b14734f517cac42

  • Size

    7.3MB

  • MD5

    085b11ab52a6865e3b14734f517cac42

  • SHA1

    02770b5a346b7bea9703cf1a0647934d4642ca76

  • SHA256

    dda791ae03a40c12c7f67a0398be23a9334766aa82fd49145cf62072b922b9f8

  • SHA512

    e4edb2abc1c74905332bc7d0d535eb2b46e8b6e8434e4fbfd418fe4dfd01f44e17747cf208309511907c9e3e8852c4a97d51c1f2c6c9aaeb7bd7c2e2e8873d00

  • SSDEEP

    196608:XPGZKb8Eo5RnrX33haMwT97EKgDVD0Yet1wJcskt:+oo3nThPm7ExVrJcX

  Score

  10^/10

  babadedaredlinesectoprataugmycrypterdiscoveryinfostealerloaderrattrojanupx

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda

  • Babadeda Crypter

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2