General

Target: RFQ_PO_7645321875.exe
Size: 261KB
Sample: 201012-rcpgfvgr9e
MD5: 870fdad769262715ea10aed9c9f724f4
SHA1: ddb6654c1a408fb8e55b3b1d8506e7d1e4d54d6d
SHA256: ff9d837e464eb07ad603c0b2ac0a35029117123c31570baeb61fca9a0242b493
SHA512: a0227797adcceb27e12c7ef49b9eaa4a9814d85136e35a162b589dd3eccf8339b62cbec3f924fcf0cf317a55d068d393d66363c20cd0fcac86c3c3ad43e9f63d
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ_PO_7645321875.exe
  Resource: win7
Malware Config

Extracted
Family: xpertrat
Version: 3.0.10
special X (extracted string; field not labelled in the report)
C2: sandshoe.myfirewall.org:4000
K8Q3I007-I4H2-R2V0-W0G8-T1Q3K5W771L5 (extracted GUID-style string; field not labelled in the report)
Targets

Target: RFQ_PO_7645321875.exe (261KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
- XpertRAT Core Payload
- NirSoft MailPassView: password recovery tool for various email clients (bundled credential-theft component)
- NirSoft WebBrowserPassView: password recovery tool for various web browsers (bundled credential-theft component)
- Nirsoft
- Adds policy Run key to start application (Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run under HKCU or HKLM)
- Adds Run key to start application (Software\Microsoft\Windows\CurrentVersion\Run under HKCU or HKLM)
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: ThreadHideFromDebugger stops debug events for that thread reaching an attached debugger)
- Suspicious use of SetThreadContext (rewriting another thread's context is a common step in process hollowing and thread hijacking)
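The indicators above turned into a hunting script. This is an added example, not part of the sandbox report or of any tool it names: the hashes and the C2 host:port are copied from the report, the two Run-key paths are the standard locations the two "Adds ... Run key" signatures refer to, and the event dictionaries (Sysmon-like field names) and everything in SAMPLE_EVENTS are constructed for illustration.

```python
"""Hunt for the indicators in this XpertRAT report (added example).

Hashes and C2 come from the report; the event schema and SAMPLE_EVENTS
are constructed and do not come from the sandbox run.
"""
import hashlib

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "870fdad769262715ea10aed9c9f724f4",
    "sha1": "ddb6654c1a408fb8e55b3b1d8506e7d1e4d54d6d",
    "sha256": "ff9d837e464eb07ad603c0b2ac0a35029117123c31570baeb61fca9a0242b493",
    "sha512": "a0227797adcceb27e12c7ef49b9eaa4a9814d85136e35a162b589dd3eccf8339b"
              "62cbec3f924fcf0cf317a55d068d393d66363c20cd0fcac86c3c3ad43e9f63d",
}
C2_HOST = "sandshoe.myfirewall.org"
C2_PORT = 4000

# Persistence locations behind the "Adds Run key" / "Adds policy Run key"
# signatures (same relative path under HKCU and HKLM), lower-cased for matching.
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
POLICY_RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\explorer\run"


def hash_bytes(data):
    """All four digests of an in-memory blob, keyed like IOC_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path):
    """All four digests of a file, computed in one streaming pass."""
    digests = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report(digests):
    """True if any supplied digest equals the corresponding report hash."""
    return any(IOC_HASHES.get(algo) == value.lower() for algo, value in digests.items())


def triage_event(event):
    """Map one telemetry event to an indicator from the report, or None."""
    kind = event["type"]
    if kind == "registry_set":
        key = event["key"].lower()
        # Check the policy key first: it also ends in "...\run".
        if key.endswith(POLICY_RUN_KEY_SUFFIX):
            return "persistence: policy Run key"
        if key.endswith(RUN_KEY_SUFFIX):
            return "persistence: Run key"
    elif kind == "dns":
        # Match on the hostname: the report records no IP, and the C2 is a
        # dynamic-DNS name that may resolve differently at hunt time.
        if event["query"].rstrip(".").lower() == C2_HOST:
            return "c2: DNS lookup of C2 host"
    elif kind == "network":
        if event["dst"].lower() == C2_HOST and event["dport"] == C2_PORT:
            return "c2: connection to C2 host:port"
    elif kind == "file_hash":
        if matches_report({k: v for k, v in event.items() if k in IOC_HASHES}):
            return "sample: file hash matches report"
    return None


def hunt(events):
    """Return (index, indicator) for every event that hits an indicator."""
    hits = []
    for i, event in enumerate(events):
        hit = triage_event(event)
        if hit:
            hits.append((i, hit))
    return hits


# Constructed telemetry: five true positives and one benign connection.
SAMPLE_EVENTS = [
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "Updater", "data": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
     "name": "Updater", "data": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"type": "dns", "query": "sandshoe.myfirewall.org."},
    {"type": "network", "dst": "sandshoe.myfirewall.org", "dport": 4000},
    {"type": "network", "dst": "update.microsoft.com", "dport": 443},
    {"type": "file_hash", "sha256": IOC_HASHES["sha256"]},
]

if __name__ == "__main__":
    for index, indicator in hunt(SAMPLE_EVENTS):
        print(f"event {index}: {indicator}")
```

The policy Run key is checked before the plain Run key because both paths end in `\run`; the DNS check strips a trailing dot so fully-qualified query logs still match. To check a quarantined file against the report, pass `hash_file(path)` to `matches_report`.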