General

Target: xpertee.exe
Size: 172KB
Sample: 201225-gsd99bmlvn
MD5: 4b448c2f70404c6b0dae7ee65bc2cd96
SHA1: 4d10fb4f0f2d092aabe75fefda6b1f8e5081dcb3
SHA256: e3c5d29533223d5a1cb39c9531bffce0bfbdae3b7335a8b203c034b581dda787
SHA512: 1e97572d22809adaa684cbf0a2acba4e6f19c93c76937b8b2f45db890607036a712e90bf6250e85658589eddcdbb5fca55b37ebb2692979654a23c6d0fb38570
Static task: static1
Behavioral task: behavioral1
Sample: xpertee.exe
Resource: win7v20201028
Malware Config

Extracted: xpertrat 3.0.10
special X
papertyy.duckdns.org:4145
ghytrty.duckdns.org:4145
G7M3E0W6-E4D2-N1R0-S0C7-P1M2G5S6Y0H4
Targets

Target: xpertee.exe
Size: 172KB
- XpertRAT Core Payload
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Adds policy Run key to start application
- Adds Run key to start application
- Program crash
- Suspicious use of SetThreadContext