Extracted

• • Target

    Bank Account Confirmation.cmd

  • Size

    75KB

  • MD5

    283fbfbb411d1edabbe1cb21d366162e

  • SHA1

    47a59150aff544fb2a3d90288b5e8895c15aba47

  • SHA256

    44522dd5ad0f55465de4759cedae7ad4b88514df869bf1bf84cbec7d59fa5265

  • SHA512

    f389ebda3b62060045acf5cfbffa40957ec6c21cd061e3d6fb98e11528bc6e198a3fa1da0a552e10058e65fa2141d07f24c1b526f73c3cc8d93e9b1698f1738f

  • SSDEEP

    1536:3MnTcilr/sM2PyRzguf8qVL7MyjO4OxmmeLbXKxPpqFTi29tZL6c4:ITcilr07IkKl7qIXKRpqF+2w

  Score

  10^/10

  discoveryredlinesectopratkayexecutioninfostealerratspywaretrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware
  behavioral1behavioral2