Extracted

• • Target

    4a062d6bc6c5351a43f344cb9d74f431_JaffaCakes118

  • Size

    480KB

  • MD5

    4a062d6bc6c5351a43f344cb9d74f431

  • SHA1

    447cf28435fab3837f17e5ae0e11cc46903effb5

  • SHA256

    68737920e984a0fd9e9d13c19bbd02474987bbb5bf2fab4e840d944d05f39e39

  • SHA512

    1897f19b202ed97f23b88dc0461631ff65f8951496fcd12bcf9910e42ef93c94d9f62d432c1269a2a08f0ec0ca0e29ebc173d4211ecd4691be03b9e493f0b5e5

  • SSDEEP

    6144:cigZeYtTdaVa7pOJSWD1q9oJa7x54hwGZjSNSkiSK6GSlg1OABTRcAz:cigZDJN3WD1Fk5ghSNSki1Slg8ALcAz

  Score

  10^/10

  redlinesectoprat@b0nomidefense_evasiondiscoveryinfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • System Binary Proxy Execution: Regsvcs/Regasm

    Abuse Regasm to proxy execution of malicious code.

    defense_evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2