General
Target: fattura di pagamento 0CV1-005444pdf.exe
Size: 1.1MB
Sample: 201019-tygmpnc7ha
MD5: 8fe9be96087c330447fde8a3f2e48dd9
SHA1: 1eff821be1890fafda7a86e0558bb5ab33e19f3c
SHA256: b8d430b1bdab27f5308b0f3817a50718dc72c01f0a126c44c15e0959efd3f588
SHA512: 6d395427b623853631332322b6741768bf4cd490c26d7e4359b0697ce11d11dd54e802fe8e990d1aaba15016b872e61d3075e9fa54d946e88afb5256bcb185e0
Static task: static1
Behavioral task: behavioral1
Sample: fattura di pagamento 0CV1-005444pdf.exe
Resource: win7v200722
Malware Config
Extracted: xpertrat 3.0.10 xbox
C2: 79.134.225.97:4726
C2: 79.134.225.97:7892
Y1E5W2H0-W6U4-R5S1-S8J1-I3T1C6W3P336
Targets
Target: fattura di pagamento 0CV1-005444pdf.exe
XpertRAT Core Payload
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Adds policy Run key to start application
Deletes itself
Adds Run key to start application
Suspicious use of SetThreadContext