Extracted

• • Target

    ttcopy.exe

  • Size

    1.4MB

  • MD5

    eace0039dd2f8fb2a963b0cf8208b8ed

  • SHA1

    3c9095b0e6b423b17abb966bc2dce7092a05fe70

  • SHA256

    3e66d72e6cb4fab3bf03a7a1ba048e661b9669928a021140d4d0cde12ced097f

  • SHA512

    eaf1ffb532deda9424cbfb3655dbe423f6e0ec289dd7eeec02714eef516e068c0fa15c914fc69f146d5d9a3839b6a34d2a81925953c66b4b0252ae28c7345135

  • SSDEEP

    12288:p2hhDcnbPxuhAjGSJTRQ2b+pth7BmwE5Td3o:MEbPAhAiSJTRQ2bSthtmwEp6

  Score

  10^/10

  redlinesectopratcheatdiscoveryinfostealerrattrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1