Extracted

• • Target

    ac433314041327aeb4d7450aa1dd3424adaee403bee85a5f9c13c33d3f52bd45

  • Size

    524KB

  • MD5

    314414416a999386720c50c282b81da5

  • SHA1

    b650df3be276e186d44ef5858525cf013a107de5

  • SHA256

    ac433314041327aeb4d7450aa1dd3424adaee403bee85a5f9c13c33d3f52bd45

  • SHA512

    441ce8f5df0235404a9ed3de2fe37319874a1d53b3d7eabe55cc458dd5117fab74ef8d33706f35364ad79db197ca91188a8ca1bf0951ca8b9064e4a6e129347f

  • SSDEEP

    12288:1aDzsi0+ATtjcqO5qOxhb1+Oe5VXcXiTkR:1aDDDABjcqOoO7b1+T5+h

  Score

  10^/10

  redlinesectopratcheatdiscoveryexecutioninfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2