Extracted

• • Target

    3b2aa924c5c1d7b9136d550099fd0df701352c525baa6f0b9eb45f8d26909386N.exe

  • Size

    717KB

  • MD5

    0a9d930c8197280d445552cfef7523d0

  • SHA1

    2851de0b6b8aec4e7262196db88b59040d184ee1

  • SHA256

    3b2aa924c5c1d7b9136d550099fd0df701352c525baa6f0b9eb45f8d26909386

  • SHA512

    81767b79197e3ccc82a90e6dc3de77d394df8019f297e19589f487a7342ddb9696adf60a1627a3c5aebecaaf57d9fac334ab646ccf216574fd7239b7f205d903

  • SSDEEP

    12288:L/ahzqGIoQl1RrN4wsT88ZLdIpT4bKzZrqr:uOhGwM5b4Ju

  Score

  10^/10

  redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2