General

  • Target

    165fc303f9cfffd17fab03ce2e3bfb86

  • Size

    2.3MB

  • Sample

    231230-mv8d2accgk

  • MD5

    165fc303f9cfffd17fab03ce2e3bfb86

  • SHA1

    2ae80a58ce4c9fc7f21d9222a4f66ae9786785ee

  • SHA256

    d0d3e3a7ac20193a27c7923085daeced3c700458df03995fbc0cef6c39e091ac

  • SHA512

    7d21658ad45c34ef24fcb859ad4944921182a825a803a582c672c831a1f7853c58a5e816b8793a7b978381bd6c0e91e322e5f78b3c8871c38b9e41f960d60483

  • SSDEEP

    49152:o5+hF2wotorqqsTnNwAFmVzMdryx+OTyh2xBYxiz8lVHTIioOFZQ+I:o5aF2wOtTNZFnd8TyhGBYxiqZ7I

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @kd_Booker

  • C2

    45.14.49.109:54819

Targets

    • Target

      165fc303f9cfffd17fab03ce2e3bfb86

    • Size

      2.3MB

    • MD5

      165fc303f9cfffd17fab03ce2e3bfb86

    • SHA1

      2ae80a58ce4c9fc7f21d9222a4f66ae9786785ee

    • SHA256

      d0d3e3a7ac20193a27c7923085daeced3c700458df03995fbc0cef6c39e091ac

    • SHA512

      7d21658ad45c34ef24fcb859ad4944921182a825a803a582c672c831a1f7853c58a5e816b8793a7b978381bd6c0e91e322e5f78b3c8871c38b9e41f960d60483

    • SSDEEP

      49152:o5+hF2wotorqqsTnNwAFmVzMdryx+OTyh2xBYxiz8lVHTIioOFZQ+I:o5aF2wOtTNZFnd8TyhGBYxiqZ7I

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks