General

  • Target

    Steam API Cracker Coded by MR.ViPER - v3.0.exe

  • Size

    1.3MB

  • Sample

    240805-wtql9sxflg

  • MD5

    ede94ce030138adae8f518b53dd15f9a

  • SHA1

    3c5b045035f3a5c1311207ec3d6cfa9a58e5b67f

  • SHA256

    6cb97e0b5df68aed88d5311bbc0db32da525fdb8b4e9771f4197bbf180d0b7f8

  • SHA512

    58fd4de628b232c3387ce85060fa2bf13ca01f25af27d66c430cb20df405ca670d14129ad084b8078b5494e99be4155a57eac9d1f3454d7a4608bfd880500753

  • SSDEEP

    24576:1WpYXFJAgw/dn/ZY4trYPJ3jj4u0lu7SInx0SHnLqk2j0QjzVxbsuHtyRpz:0eXF+gUJx7sh3H4usu7LdLqk2jTjXsum

Malware Config

  • Extracted family

    redline

  • Botnet

    UltimateCrackPack

  • C2

    51.83.170.23:16128

Targets

    • Target

      Steam API Cracker Coded by MR.ViPER - v3.0.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15