Extracted

• • Target

    7a1040ef3ed54b1643e695698d0e30b5_JaffaCakes118

  • Size

    596KB

  • MD5

    7a1040ef3ed54b1643e695698d0e30b5

  • SHA1

    e525239b4d0dbdba36d81a7dfa3dde58847dbaa1

  • SHA256

    4e30dc1786ef81954dc6d2055ca4c7cc2cb8b3a3af5443ea03885a7f38e96a80

  • SHA512

    3682a40eed206d16f170a8bb9693cf18bc27098827940b88671e5efaa48eb69eb104b349ec24612b4682628e8d8f3d4494687fd8d91d869d0e5a6d5020a28e9d

  • SSDEEP

    6144:t+gToN7bairrnsDRnPZPU5GD3ZKOzcjp/aScxuEWMXu3OWaewWUSMYVy:tGN7uwzsDPPRZZzctapbSjJM7

  Score

  10^/10

  redlinesectoprat@dxpexdefense_evasiondiscoveryinfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • System Binary Proxy Execution: Regsvcs/Regasm

    Abuse Regasm to proxy execution of malicious code.

    defense_evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2