General
- Target: ES174028911-035110-sanlccjavap0004-1_pdf.exe
- Size: 1.3MB
- Sample: 201109-m22ephta2s
- MD5: a7433aeec10caba2de9978e0de200cc3
- SHA1: b5eb42feb127898ef72ad78ac039dd2e80dc0ab6
- SHA256: daf3291e47f8659d58a505b5ed585987018001e08827f3aff1ab0bb860bd5c80
- SHA512: c297fc86e40ac9654926eae90e00e03074f811968116de222e81df2760b41fee8b39bf1bff3f9466f7cf39eabd558462796009bc22c00696dac4d3771daa9503
Static task: static1
Behavioral task: behavioral1
- Sample: ES174028911-035110-sanlccjavap0004-1_pdf.exe
- Resource: win7v20201028
Malware Config
Extracted
- Family: xpertrat
- Version: 3.0.10
- Botnet: xE
- C2: 79.134.225.99:6712
- Mutex: Y550W6I4-W1O8-Y8D6-E6U5-B8X0R3E4K7S2
Targets
- Target: ES174028911-035110-sanlccjavap0004-1_pdf.exe (1.3MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- XpertRAT Core Payload
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Adds policy Run key to start application
- Deletes itself
- Adds Run key to start application
- Program crash
- Suspicious use of SetThreadContext