Extracted

• • Target

    ad86c5cb9f936936ffbae85f43bf2a40N.exe

  • Size

    797KB

  • MD5

    ad86c5cb9f936936ffbae85f43bf2a40

  • SHA1

    8c3916a0807b528dfbc52f2c7826d7e6cbc2320d

  • SHA256

    6e4a44c3de0e80fecece030c2d219e2d20f8bb73366172533f62297d1d5b1d6c

  • SHA512

    7ad6645e4c7365ead5ce38853e3002ad184e2f67604439f32be8c13217e5f5e5c9df68f568d2c6bb16ceb947b6ecb949fad95032fc770ef88be8f7e93efe7c93

  • SSDEEP

    12288:hVVx0xC0+wZHVUXLCZLiF/d6/7iDlpOWphcotUTEvkR:TVxEC7wZ6cLiFa7YlpOqhcotUEq

  Score

  10^/10

  redlinesectopratcommanderkingexecutioninfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2