Extracted

• • Target

    LIST PURCHASING SAMPLE.exe

  • Size

    612KB

  • MD5

    ecd159d26376dd7d518c1dceb594c2b6

  • SHA1

    60510c6bc575099d54d45cb488b55fe3e119598d

  • SHA256

    bf2fc65aa2d6ca7843ddfb3a059dbfe734aad5c9ca1daa1789bec5e3ff66b266

  • SHA512

    7b103b97a26bca47993212eb229920fff93caab667c682c9c3b93b52db4108df310d007ff9063ebc8036aeb748f989cf0d9a42de544d85a3a6da52e63b469161

  • SSDEEP

    12288:KRQIJ0r1ixmzU1OApFMH2CPw7oRttTI27rAdcpCJVMgnkR:wJo1ikOiHxI76nTr78dcpCJVTy

  Score

  10^/10

  redlinesectopratcheatdiscoveryexecutioninfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2