Extracted

Extracted

• • Target

    a07be23e856c005dd533c7ea4633961f_JaffaCakes118

  • Size

    246KB

  • MD5

    a07be23e856c005dd533c7ea4633961f

  • SHA1

    17647c75e4dacf8564b251ea86c9f3f6a3348a30

  • SHA256

    c52660c8725d31fa4af36cda848daf492bcb13da231111c9fb96886aba6a5c9e

  • SHA512

    fa1fd71323d31718c73b15e7446f0cd9fa7b59ae73146fab4253cff6fc3e1275225396899310be1d6043a4e0cbcc98289617cc431fe63af09f838b33892ad6a5

  • SSDEEP

    6144:PIkKCsdCf3H+An9RBGJKKccmSHNN/aFD35/n7Y14tWTeeWN:PIq3PeqBGJ9HNNcD3x724theW

  Score

  10^/10

  redlinesectoprattomreddleytbirzhadiscoveryinfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2