Extracted

• • Target

    QuantumBuilder.exe

  • Size

    2.5MB

  • MD5

    03a4fcff58e8c316ee039f63920e884b

  • SHA1

    6b723644868f4820499a4c9cf254ef9add940f58

  • SHA256

    4736e79e75f24db2a63b318ab7f4119f115389f30064f692a11ae68508beb255

  • SHA512

    a97a68522a50430acdca7c8c6ee441e99e4be7c2b49f3df7cd4ad5801aae58e6603c46f50e026a5a234242325316119494a30aebcd7f5e1f5a40ef3ae6ee896a

  • SSDEEP

    49152:/Ryi81om8kG+WpI+A9GpOQ8y2xKK8Zn8PtgyuI9LS3j12Co:/8i8H8kG+B+A99b1lgyhhC

  Score

  10^/10

  discoveryevasionredlinesectopratcheatinfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2