Extracted

• • Target

    3d5f4a6a061550225a30e76f8ff8ef379f158d14862c4b76a56a0844114de8e2

  • Size

    7.2MB

  • MD5

    7212e623e04d3427364e7f00a95bf932

  • SHA1

    5f8e0384cf7c209d804d9b10e3d2281a9c391fe7

  • SHA256

    3d5f4a6a061550225a30e76f8ff8ef379f158d14862c4b76a56a0844114de8e2

  • SHA512

    3a2ac1111eaaf17475235ee233819286848c45bb2d69a42803fde15f4ae609f63120ca3a9f945b80af1a7c565941e81513ecb90ef9ea1320240c81f77091f7df

  • SSDEEP

    196608:r+QDCeRpnhgR/BQ+/Svwj47kuTkGfxDlDlAs:s6MQ+/SvwOvY4

  Score

  10^/10

  redlinesectopratcheatdiscoveryinfostealerpyinstallerrattrojanlateral_movement

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Grants admin privileges

    Uses net.exe to modify the user's privileges.

  • Remote Service Session Hijacking: RDP Hijacking

    Adversaries may hijack a legitimate user's remote desktop session to move laterally within an environment.

    lateral_movement

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2