General

Target: f6eb3ee5a5791580cb437aed0ed50ee7.exe
Size: 346KB
Sample: 201109-x26pnpp4vj
MD5: f6eb3ee5a5791580cb437aed0ed50ee7
SHA1: 42390aa36dd526141c798849a02dfdebcbd17eb5
SHA256: 12f341bc0f65e96848b4dd440afc7f653e883e740adcb677fc4f8b5ba5c38ef2
SHA512: c94f46ffef834d6b00240bd4431f5dc191c75fbfa6b6ed31a7a94a23b93084a0d69d00cf24e66d8b919c8b58de365b70fa3bb461e51c153c7b747f6b0cbc0527
Static task: static1

Behavioral task: behavioral1
  Sample: f6eb3ee5a5791580cb437aed0ed50ee7.exe
  Resource: win7v20201028

Behavioral task: behavioral2
  Sample: f6eb3ee5a5791580cb437aed0ed50ee7.exe
  Resource: win10v20201028
Malware Config
Extracted
xpertrat
3.0.10
msn
127.0.0.1:666
194.5.99.136:3135
D7X4P1B8-Q5O3-S1E1-N0C3-X4R7E8E2T6P3
Targets

Target: f6eb3ee5a5791580cb437aed0ed50ee7.exe
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- XpertRAT Core Payload
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious use of SetThreadContext