General
Target: 099803578388c6f4a6a4904fdb0b8b8e77e7ee9c14eccbda79272baf92093e18.exe
Size: 28KB
Sample: 201117-c962m22r5a
MD5: 13d84033f65345d8a87391ec0eb6b482
SHA1: b6354b17def07e0ead0f90a30b50c9090e720e5f
SHA256: 099803578388c6f4a6a4904fdb0b8b8e77e7ee9c14eccbda79272baf92093e18
SHA512: 5093353181b2c6cb0ec0c421e7e5b87e3e222fd6fb5e250bed960ebad1a0041be4e7ba412067e1c6d4eba6e1248c59022eef87c281346c507aa0ae8990fe285f
Static task: static1
Behavioral task: behavioral1
Sample: 099803578388c6f4a6a4904fdb0b8b8e77e7ee9c14eccbda79272baf92093e18.exe
Resource: win7v20201028
Malware Config
Extracted
xpertrat
3.0.10
special X
sandshoe.myfirewall.org:2054
sandshoe.myfirewall.org:4000
C7H2A8R6-A3X1-J1N8-N887-L0I1C4O6U0D4
Targets
Target: 099803578388c6f4a6a4904fdb0b8b8e77e7ee9c14eccbda79272baf92093e18.exe
XpertRAT Core Payload
Adds policy Run key to start application
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext