Extracted

• • Target

    0097-CGM CIGIEMME S.p.A.exe

  • Size

    3.1MB

  • MD5

    a1dee348cae0e72e34756c1af67a1ee3

  • SHA1

    c1762e92c78d384273df732e0480bdc00602befe

  • SHA256

    4815528e2ce6e19bd348bdb89dd59ccc8d2b5dd6432074daa92e86f45f4a5604

  • SHA512

    c7235d1eb1ff5a3b2f26462eb93bf8a6f5968de06cd8c8909341522028b7670c1534d00e5a46378c96933569665c7e88a7e4692fc52fbdd70a512e4dd9e5f9b1

  • SSDEEP

    12288:NNjXXcgKOAjxi0eF50N8y8kWtJJsn4VxSHunc:HHctOmBQKn6EOc

  Score

  10^/10

  redlinesectoprathallediscoveryevasionexecutioninfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2