General
Target: Castor.exe
Size: 172KB
Sample: 201021-675ch83rj2
MD5: 720f271211bc96a23df00598e1f15656
SHA1: 2cb26257e261f7c0a2d82405b76963f4008fd531
SHA256: b642ee9e0c62dcbb71ca4e722dc7a45e090ac60bd35f34c3199ad98c568cde6b
SHA512: 924fe625eff79a0a275f0389fbb42bffcc74b2263054b390f42a7e51121611617b362d23d8010a8102f67769d6a3935d117003352da1a7b286545450e53c3645

Static task: static1

Behavioral task: behavioral1
Sample: Castor.exe
Resource: win7v200722
Malware Config
Extracted
xpertrat
3.0.10
micro
127.0.0.1:666
185.165.153.219:2819
V1B5T2E0-T6R4-O5P1-P7G0-X443Q1Y6T3M3
Targets
Target: Castor.exe
XpertRAT Core Payload
Adds policy Run key to start application
Deletes itself
Adds Run key to start application
Program crash
Suspicious use of SetThreadContext