Extracted

• • Target

    20e704d3e137459c78beafbbc85a3a1c

  • Size

    2.7MB

  • MD5

    20e704d3e137459c78beafbbc85a3a1c

  • SHA1

    0a629b6d207ec4c80207320379369bb83b09893d

  • SHA256

    ff721387c09c52da9e700f8c45a576b3bb23fd9235de81ebc5259793ac643eef

  • SHA512

    04206d845852ade5bf6818d1d1bcb5612e328b7c846568fed8181b99d23ac967d89b741f97a23cc6126291320c9da657c0411e252a0b2cce7673407e739e4aaa

  • SSDEEP

    49152:tVCnOFEGRdoPciiJZFLEl4tnrh6GcbxwDaABntrHBKDyCh/pPZSiS7DXj5V:tVcOffmcitqr/cbxunt8DyCh/pPODXn

  Score

  10^/10

  redlinesectoprat1108(3)evasioninfostealerratthemidatrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2