Extracted

• • Target

    8ae5c67ba12d7028d34831679c57f372.exe

  • Size

    666KB

  • MD5

    8ae5c67ba12d7028d34831679c57f372

  • SHA1

    76d36117d58b5c801c2d698eddc414b0a06bed05

  • SHA256

    31a2ec31c4722d3011b75595c76e677aba7e5bc164c667d709943893ebea4f97

  • SHA512

    7d18bfa40ddd24df9e656861f3f7854d7f8baa12b8c354665f07dc88e535e9a12e23a9e9aaed5ed093d51effc8aaff899a4a18053f6ae3efb3e6f3afa5ce42f0

  • SSDEEP

    12288:GTBtWYMV+I4MVKW84KMmxGSeR6NKPpdCVsYJabrUKcQO++Zzo+JdNS2tJHB:wLGRgl4KMnSGzYJpKch++Ro+k2tJHB

  Score

  10^/10

  redlinesectopratcheatdiscoveryexecutioninfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2