Extracted

Extracted

• • Target

    c3bbb675ebfb5dc5d747551529c7feea42f8eeef6675d.exe

  • Size

    32KB

  • MD5

    e5f31c2d85adf65d285841220280cf4f

  • SHA1

    67277c68a170e03f4445211fbabf2b09995a98cd

  • SHA256

    c3bbb675ebfb5dc5d747551529c7feea42f8eeef6675d76f37afa87bcbf02ab3

  • SHA512

    ab5dc9ab8658adbb7ad5410de895834c72414214b616e1610b874ed885f68cd615c0fcc9afe017e77e0c931d474bdd580f70a0487170a84bd2cf973685fbb26b

  • SSDEEP

    384:jEbmX5Qa+vN1h1+X3v6JFjL+g93Tm2eaFObJdRApkFTBLTsOZwpGd2v99IkuisVj:wVa+vNtg+PB93Tw42JdVFE9jdOjhmbM

  Score

  10^/10

  redlinesectopratxwormcheatdiscoveryinfostealerratspywarestealertrojan

  • Detect Xworm Payload

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2