Extracted

• • Target

    326c915977a42370e806178161e060b4_JaffaCakes118

  • Size

    1.5MB

  • MD5

    326c915977a42370e806178161e060b4

  • SHA1

    140bf2bcbc2845f65674fab1e29407da5b869bf8

  • SHA256

    e7dfb670bb6407f251b3e83ffd83332184fa12f47ead9a5cad529adb88f835d9

  • SHA512

    fb392af38f76c9da3352afc4034eb1233ce9ee8e81f49899f12e4d1860f016a9df5fc3d8c98bf68e6624220da32025d5d6265836eed1e6bed111931f89d7b20d

  • SSDEEP

    49152:iZLAulCktXMNVWczmH5F1/ryMW4qxvaeX:MCktozm1rNW4qxva

  Score

  10^/10

  redlinesectoprat@hmmmm2224evasioninfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2