Extracted

• • Target

    87549aceda05fa5a0eeab4c43c3a6f47_JaffaCakes118

  • Size

    449KB

  • MD5

    87549aceda05fa5a0eeab4c43c3a6f47

  • SHA1

    23f64c1f598d86d6af7e3cb51ed0b2b8b2682dfe

  • SHA256

    d532fdb0df3fdd2946b6874fcea5286210bcc2a032e91fc1db51157266327d01

  • SHA512

    f8ef60b9cb5a692d853de69daaa98e21030949cc05dfc20168e57612f05842423268b4ab51160832b7ae3421a86aecf9d2e1c0f94b935150f509e1905640f961

  • SSDEEP

    12288:9bMlSn74JPOrryUtXz0KCR0WHfW0SiufeK:9bt74pWp9wKCqWH+0d4

  Score

  10^/10

  redlinesectopratanythingdiscoveryinfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2