Extracted

• • Target

    b350608b0e910d0d3cfd8d7d2850cd154f247540dc012105dbd3fb01121e78ecN

  • Size

    567KB

  • MD5

    d4cbd7deb21397bad0a56ee137fed1a0

  • SHA1

    3de557e2beeb405bf164a7a2c749df11de1e194b

  • SHA256

    b350608b0e910d0d3cfd8d7d2850cd154f247540dc012105dbd3fb01121e78ec

  • SHA512

    12a9b8a1286971d1b34c2dd548d421a7b7dfe4dabc1b7f6f008a791568b90e996b29cce92d98fc0aff9bfa7f6ab429a7c779aa19971cbba2343e454a720ce2da

  • SSDEEP

    6144:RQoLNHzbVTC1/i3K1NiuhxJY5T6h/kNMEeT0b5ecy5UMSZTLqW5alMa9h8xFNu87:mivVTca3Oh2qk16w05UPWEViwt5XHUkR

  Score

  10^/10

  discoveryexecutionredlinesectopratcheatinfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2