Extracted

• • Target

    fa3d40ce6752360f82f85789de9206da_JaffaCakes118

  • Size

    19.3MB

  • MD5

    fa3d40ce6752360f82f85789de9206da

  • SHA1

    b2257a28bd6c5fc2330c43911cb3b09fc7a3f793

  • SHA256

    290fbd80875f828748b26dd45ea64d3a289cb94f5bda9f6998a5f4e054af4d4a

  • SHA512

    0e1be7b19409625f4dd821aaaeec8b0105ca6c5db34ccb2d0dbeec56916a61c12f78164ba09fea0f865c64d0c13dbf933c22175a4ccaceec042ff3f38a2075b9

  • SSDEEP

    196608:ItKgK+WQiP0b9HVd2THcW/VYDzBAdLGMyO2FUAfvHoqToihJ:1gKlcb5Vd2THcWt4wLbyOifvHr

  Score

  10^/10

  babadedaredlinesectoprat@treeline300crypterdiscoveryinfostealerloaderrattrojan

  • Babadeda

    Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    loadercrypterbabadeda

  • Babadeda Crypter

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2