Extracted

• • Target

    Shipping Documents.exe

  • Size

    963KB

  • MD5

    1cc7ec4c91b811c75bb9621120b95dd4

  • SHA1

    214a6276da8f2ead192d1cb28cf6afd514752eec

  • SHA256

    45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa

  • SHA512

    af62907155401baa25eb4bfd793ac8cdca1eeb16e030c3c1eb9418b6e1abbea4438c8beea5579e8130b4a4277cad06263a52d080e8e7cc8b9c4221c94fa9d8f0

  • SSDEEP

    24576:KAHnh+eWsN3skA4RV1Hom2KXMmHaHfbSH5:dh+ZkldoPK8YaHf2

  Score

  10^/10

  redlinesectopratwindowsinfostealerratspywaretrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2