General
Target: 02 SCRAP BIDDING INVITATION_xlsx.exe
Size: 301KB
Sample: 200624-3pqyjfy64j
MD5: dd5e6e486e6facac99576ee8ebfe048b
SHA1: 05a7d384860296a1d5b5d53f908403a53ac7f8bd
SHA256: ada06fa53bcebf55db1efd74571846489efb56f71f3e8283e157e78c69da8ee4
SHA512: c0f19b2349ce51cc64dce57d28a60a4d40d570dd1bdefbcd23c85183700dfda876e8f3f6ff59934d26bfe76c536d2c8ec13ac89e7fce6a0053fa07aceddda5f5
Static task: static1
Behavioral task: behavioral1
Sample: 02 SCRAP BIDDING INVITATION_xlsx.exe
Resource: win7
Behavioral task: behavioral2
Sample: 02 SCRAP BIDDING INVITATION_xlsx.exe
Resource: win10v200430
Malware Config
Extracted
xpertrat
3.0.10
msn
194.5.99.136:3135
79.134.225.85:3135
G2G228Q5-P8H1-G1U7-U4L6-D1K007E3Y0Y8
Targets
Target: 02 SCRAP BIDDING INVITATION_xlsx.exe
XpertRAT Core Payload
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Adds policy Run key to start application
Adds Run key to start application
Suspicious use of SetThreadContext