Extracted

• • Target

    c69b2b190f08dc6bb255a2c0ce1c148b.exe

  • Size

    591KB

  • MD5

    c69b2b190f08dc6bb255a2c0ce1c148b

  • SHA1

    b3d29e545e0b3fb9e83968c3b6d0f3c7dbee67f4

  • SHA256

    3d6a6e8d03f0b291d9709a0d623b01f76d3f92f3fe395b6f57027cc9e892aa30

  • SHA512

    22b6e29ac922ee42be11fcf452611a0889380dd62503d7db144373c44b61d57c4cf738710bbb3517ac6edc8fbaebfd7031b6a57ab5eab6d2e87ddde2c8f8dc04

  • SSDEEP

    12288:2GpuMpm+gvyQqbxxFWBJqWjdgPwnnqoqxJ2fUkVRVRty1+ZWu:lpuLmbxKTdAQA2rlRt0u

  Score

  10^/10

  discoveryredlinesectopratcheatinfostealerratspywarestealertrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2