Extracted

• • Target

    150c210067dbe7fe56d888c0f543f3cbb9c3a35b7301b640b023d3fca717cffb

  • Size

    584KB

  • MD5

    9cc2d2c760ca9153bfdc82fad4553aa5

  • SHA1

    dc93ee1c5a32a4dbab2a4f909c549d07f0d48437

  • SHA256

    150c210067dbe7fe56d888c0f543f3cbb9c3a35b7301b640b023d3fca717cffb

  • SHA512

    1e39beb9f2db2f787f4b60cd4401668450be444228a7b9bbf35ebf35a9560a2b08bee7c5317e6455b938ec313178f8982621d089ceabb9c5ebdca15e2a272284

  • SSDEEP

    12288:6rOjF+Ri3AgFdCvjn0GoDpjqKYjRhnby+rgnK3:qQ3Ag60GoDpWKKnbtruK3

  Score

  10^/10

  redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2