Extracted

• • Target

    e0ed719f5cfb88cf8535b2eccb304091_JaffaCakes118

  • Size

    565KB

  • MD5

    e0ed719f5cfb88cf8535b2eccb304091

  • SHA1

    37df1d9374b95208eeb849f201ec52a9ea2a1dc4

  • SHA256

    34a52412b78513c099240257aa12fb65cfaeed5f0dae9a70abda841e8f71a8d1

  • SHA512

    a31fb1f6a0129d8ccf88137019f3571ba45db1c46d6f3fcad50504dd001d8e24cad2cab0cbd93eb83889bda5e19460cd513d4c7409bac8cbbe02606f1a71ecd4

  • SSDEEP

    12288:QwPAN6Xz/apy723UP9q/QGXMBp1mctuvim0IzUjGL63Fjh9NE0EKl/Bylcf:vA6GYLP9tGXMpsigzS

  Score

  10^/10

  redlinesectoprat@krokz26discoveryevasioninfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2