General
- Target: 11_07_2020 PO_INVOICE #3309247.exe
- Size: 172KB
- Sample: 201015-8c6185c62x
- MD5: ed21990ff9e29addfd9252f1ba0b30d4
- SHA1: 1f34df7a5cd551dcb5ec24227fbd1a985cbbe4ef
- SHA256: 8963180e8b2e7e51c5abd716e7a562ad010f663c41a38015ad2566231a7da9af
- SHA512: c22f99e61f7b823f412f5c5ad5173096c38aab57833ab2ac61a5a38b173cc97b154a7b90d0d94fa6844eb8c371057429ba22a63533fcf4487e3eb19c0291dc06
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 11_07_2020 PO_INVOICE #3309247.exe
- Resource: win7
Malware Config (extracted)
- xpertrat
- 3.0.10
- special X
- sandshoe.myfirewall.org:4000
- K8Q3I007-I4H2-R2V0-W0G8-T1Q3K5W771L5
Targets
- XpertRAT Core Payload
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Adds policy Run key to start application
- Adds Run key to start application
- Program crash
- Suspicious use of SetThreadContext