General
Target: 0530c72ac087e821a13fd9173565dfe8.exe
Size: 28KB
Sample: 201111-fpjxnhgw36
MD5: 0530c72ac087e821a13fd9173565dfe8
SHA1: a5a8ff2ee22dce4ec4d2d5674c29dc2483fb418e
SHA256: d3f2094ff947212a812af1a551b602d9056843ae7f3bdf5f95c90e0590f9fb0a
SHA512: 72993dca21a351a1b7cfdf99cbf914ca0fe71437f250722f36c5da15ec8e80fca14143273fa5550fcc7ddf115d9b5749462ba304ba0f0faa441dd4901d917696
Static task: static1
Behavioral task: behavioral1
Sample: 0530c72ac087e821a13fd9173565dfe8.exe
Resource: win7v20201028
Malware Config
Extracted
xpertrat
3.0.10
special X
sandshoe.myfirewall.org:2054
sandshoe.myfirewall.org:4000
C7H2A8R6-A3X1-J1N8-N887-L0I1C4O6U0D4
Targets
XpertRAT Core Payload
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Adds policy Run key to start application
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext