Extracted

• • Target

    946da435f90444c85f947c9ccbfbc5a2cf012fd21ce8df925b2ad0eff89182a5.exe

  • Size

    5.7MB

  • MD5

    833833ba12dfef228f8882dfd5f6f42a

  • SHA1

    e8aa3d860a131c5bec58549fd13f8dfbafe92f15

  • SHA256

    946da435f90444c85f947c9ccbfbc5a2cf012fd21ce8df925b2ad0eff89182a5

  • SHA512

    88ecf28037f31440e4c4e4d963ecc11455f5eb13cf706d60c69fa389ab2b1608c558eb51cfc0f0a9009c9beb4bf1efdfd2eac95f49a966ff796f8d3a7b850f3f

  • SSDEEP

    98304:qLao11fXkOepLsO3gjprldMpkmsVa36cOQrfCNvjbmgK5MECws1FImhAUG06UtD:q2w1fE2zldmWHofCNvegK5MoyImnGjUN

  Score

  10^/10

  redlinesectopratbuild 21.10discoveryinfostealerrattrojanvmprotect

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • VMProtect packed file

    Detects executables packed with VMProtect commercial packer.

    vmprotect

  • Suspicious use of SetThreadContext

  behavioral1behavioral2