Extracted

• • Target

    26b43c14465533a6c8eda3fc39004f8d_JaffaCakes118

  • Size

    126KB

  • MD5

    26b43c14465533a6c8eda3fc39004f8d

  • SHA1

    d27ddaaaff6f3a5f7764c19b852efec86d889d62

  • SHA256

    00a06fe9fdfca3e36d29757500c3ea69d1a58d6b261d31f1921c2dcc5a996f4d

  • SHA512

    23fd5f0a00ba1cc6a224e2abe786abaca736b0111def833b7f938dd0f1d66ee27a9825d56d17b1239a7e5a70ff5be828e222b582a6bae1a0063240b272bfb37e

  • SSDEEP

    1536:aKEYekjigc1arEZ0aO3G9m4VCj7AOz7HMWe5FhQYx1+GLEajB3K158ZCHg0RQ2Tv:W77pOzTE5FeEDzZiQQLMaZ

  Score

  10^/10

  redlinesectopratbfvtnbtrtewrhrweginfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2