Extracted

• • Target

    96ae879d47df27d44d3228a7f6e2050157c7a3fc99ff57293efbf9984afb6701.exe

  • Size

    673KB

  • MD5

    0241ff0075c6a2192e14cc9e0d040a7f

  • SHA1

    5739466de449cdf70fc4659fcd952dd7da22056c

  • SHA256

    96ae879d47df27d44d3228a7f6e2050157c7a3fc99ff57293efbf9984afb6701

  • SHA512

    2f65a99da569096b7f88514b841ce53d78852867062d87c1275cabf5c87891307ab624470037ce57b7dfd217293f8505f387dae57e46d17f9cdf30e21767a951

  • SSDEEP

    12288:1KvVY6ao4/7xefpM4+2tdtzwXN0tt5YtiT/lxNU7fi44KhpQnES5BAL+o63RY/:4vVJutehM2tPwstTxxNUn48QnKyo6BY/

  Score

  10^/10

  redlinesectopratcheatdiscoveryinfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Downloads MZ/PE file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2