Extracted

• • Target

    6b8a56b74f1670c96876239a5ba07efd_JaffaCakes118

  • Size

    3.8MB

  • MD5

    6b8a56b74f1670c96876239a5ba07efd

  • SHA1

    48c92de72241356721ac1225e257c68e93cf0c83

  • SHA256

    339ec36cbe6b30265a40f17065e4261d9d3f9ebb56399d0fbc9b3e0a40d6aa3d

  • SHA512

    6754b384048fcb769622f7872f8cb813d79ce51dbdcb60297f833b5573e19709044361e9861fe09f557b7171402226af92d2b8362cd1b17740f31f755206b9a9

  • SSDEEP

    49152:TgoEY1xSmTl3K20Mk2XVrkH2W+rvCRgcuO2aZzJLskIw5BUgGRc:sVYjTtKQXy2rD0gcuO2C4kv56k

  Score

  10^/10

  redlinesectopratlolka2020discoveryevasioninfostealerratthemidatrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2