Extracted

• • Target

    57bb460a8bf8acfea0549697041eafb6_JaffaCakes118

  • Size

    2.3MB

  • MD5

    57bb460a8bf8acfea0549697041eafb6

  • SHA1

    adb1379ea4a1205e98dd99ae29b938561e450d40

  • SHA256

    9f57d5e9bbe20d0158d6515f9bfcea72f32fc4d5de218d5444a44de0d9f54e31

  • SHA512

    40c1288e06925888eedb1e12a4db905402a9601663eabd9f8aac9747d5bcfc0d4bdb8555415db5c06f07719271ffbbc21caa74e930a3568fba90ce0c69726bb7

  • SSDEEP

    49152:x5+hFZ7+7m4f9deH2iiKyrGNG9nbbRI4YewCxiz8lVHTIioOFZQ+g:x5aFVqqMKyyNG9nYMxiqZ7g

  Score

  10^/10

  redlinesectoprat@leepsy_nsinfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2