Extracted

• • Target

    Bank Account Confirmation.cmd

  • Size

    75KB

  • MD5

    a1f610b023f0ee41cf49ff8f1c65cd69

  • SHA1

    9eb5aef9ec56315b68125fab688e7da0f1c047c7

  • SHA256

    b88f42d17c704ef4c967e9a1dc44df19c78f7778b4dd8b804d672bb8dc4b388b

  • SHA512

    9ac1b320dba8ad3e2649d536c7d5c2c00bf7e392c067f639cba722128e984f914920bb9a32502d27005359fcfb6e353c9f1a70eb421f158eb09fcadce8b4ee38

  • SSDEEP

    1536:ZVMZoZknhzcJZwc+ADr8syGShOY3C+BuRV0B/FHP3vfcC:AZvh+fDr7YuRg/FHvnd

  Score

  10^/10

  discoveryredlinesectopratkayexecutioninfostealerratspywaretrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware
  behavioral1behavioral2