Extracted

Extracted

• • Target

    5a38fd050fda5f392478698c1b623bb1.exe

  • Size

    1.6MB

  • MD5

    5a38fd050fda5f392478698c1b623bb1

  • SHA1

    bd82796b2c0210a147afe1b6dbb8a98a6acd57db

  • SHA256

    6eedc33f633438f8e5b63150941b5356c3d2d5aae68e3d177200756305912c07

  • SHA512

    16721c8930d70d9174c8a973345f2b9d058f2b695c9bdc84e758133ace3777fbe8dab4006f3f192ddac849e0c8cb7941f799e320abcc52f1e1e7aa24fae8e85d

  • SSDEEP

    49152:kzpn+XjLM2v2VKDRl3CR4eHpKdxHg5Rdi:fXjGKL3CvH21g5Rd

  Score

  10^/10

  privateloaderredlineriseprosmokeloaderhordabackdoordiscoveryinfostealerloaderpersistencestealertrojan

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1