General
-
Target
BBSEMXMXXX01098210315.exe
-
Size
222KB
-
Sample
210315-8gkbbzwl8e
-
MD5
7c6e6a3972fcd89ba074f78f27402531
-
SHA1
46cd5b29880a457bd0a829ebb4a808e7d426eae2
-
SHA256
3fa22ad54a485ad705fe5a71384a7002dedff621edfb81b4c4d71528407c879f
-
SHA512
c55c275ff4fd4a43cf03dfc2de49da69baa439083e29257cf5447592bde51842a1c7b0877b44821f2f2221aae27473e5c7ee391c1baf452b9cba51f99634deb0
Static task
static1
Behavioral task
behavioral1
Sample
BBSEMXMXXX01098210315.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
BBSEMXMXXX01098210315.exe
Resource
win10v20201028
Malware Config
Extracted
xpertrat
3.0.10
windows shealth
79.134.225.77:7070
C2H6Y3K1-A7X5-B5F3-N3W1-K4A558N0M337
Targets
-
-
Target
BBSEMXMXXX01098210315.exe
-
XpertRAT Core Payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Adds policy Run key to start application
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Program crash
-
Suspicious use of SetThreadContext
-