Extracted

• • Target

    424ff83911ab4cab3ea0cd2e11731762_JaffaCakes118

  • Size

    432KB

  • MD5

    424ff83911ab4cab3ea0cd2e11731762

  • SHA1

    c02c4fc71918a134a141c29b79513738eb939aac

  • SHA256

    5e1e38c73cf7b0484b741b5826ddb0e968d630bec918925592dc51157e11757f

  • SHA512

    06b06d3c34ba9e14cdf238930717fc75609b8106b5e31568b64e8c18c23f00c4c284b110d145c4ef3d92754061b164e7892feb3c80be6b03b838055ca05c716d

  • SSDEEP

    6144:Y2jOyVRlhl/oD5b/gn0ACW03PYhtBT4TCgHMtOe0TLQ3nHIEJ9zgWzbcl9txCYAH:YcRgDJW0A/kwh3MTu9yQY09zRw9tUd

  Score

  10^/10

  redlinesectoprat@bbakochdefense_evasiondiscoveryinfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • System Binary Proxy Execution: Regsvcs/Regasm

    Abuse Regasm to proxy execution of malicious code.

    defense_evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2