Extracted

• • Target

    skibidibi.zip

  • Size

    15.0MB

  • MD5

    e3c095bad1b222b74dfab35fce9b58fc

  • SHA1

    dafa30f20bfabe025c446186c3051e713559b635

  • SHA256

    ddc4ee5b164774a9bcbc42636ae1b555c0e652943f89809adfe17643739c09d9

  • SHA512

    509ef669bacb93d494e0df57ca3e5ec3d371815a58ed5c68d445bc2feba57588f6ad0a30efd4cc0894c1c63f4761a422897825021280d2ddbcd40428f5cecfbb

  • SSDEEP

    393216:oWXzo7MYwJONnGHVWx55TbJDnJ6YrNDseN3zGASyC3FzeV8Qic1k:nDokMqWD5TdbJ6YrNrzd1ABeVqc1k

  Score

  10^/10

  redlinesectopratskibididiscoveryinfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1