Extracted

• • Target

    JaffaCakes118_83e526f8bfc46d6e36280cecec659cc1

  • Size

    1.2MB

  • MD5

    83e526f8bfc46d6e36280cecec659cc1

  • SHA1

    eb2a8108072fa34a559f63d2ea5cf856a96d2154

  • SHA256

    adc87f7ea711a1a3dd2de34647ec7b8a933588b35bf7ad3499d255e669e5f4f6

  • SHA512

    b05a71712788ae2b412ef18d28e27860ae64992a85122b161e6d62ba2eed20bc7fefd21bd0d19aa59380cb19f22d7ec293ac31fb61a84b546faf49ac862f9000

  • SSDEEP

    12288:unp+wJ9GeeYwTVlCOCQWAKeAaf/+YQZ7QQ6m1N4LWgViFd1kXanGJAWCG2GBKf/N:uOeZ7YymWgpkM4us

  Score

  10^/10

  redlinesectoprat@andrey_dolmatovdiscoveryinfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2