General
- Target: 40e678e7d38a1541c06d16895d75f856.exe
- Size: 774KB
- Sample: 210421-glv2eppk8e
- MD5: 40e678e7d38a1541c06d16895d75f856
- SHA1: 5faee553c8dc1cc0492d7b8b78329ac56100c040
- SHA256: 7aa6ba1ed3e72514eac19d8b9ee4f95a17e33b63159bc75bd57ad8b38ce6361e
- SHA512: 4abce8638860dc80ec23516aba60cd1c87a66c8a98fb62730e042a8f78841afe45fd2c021f15395a06eb0b4b4e6a95809ce0d8d6806f95c2cc516caa7362be22
Static task: static1
Behavioral task: behavioral1
- Sample: 40e678e7d38a1541c06d16895d75f856.exe
- Resource: win7v20210408
Malware Config
Extracted
- xpertrat
- 3.0.10
- XXX
- kapasky-antivirus.firewall-gateway.net:2054
- kapasky-antivirus.firewall-gateway.net:4000
- U4G3L113-M7Y0-X0M5-M3D5-U8C7U551Q8Q7
Targets
- Target: 40e678e7d38a1541c06d16895d75f856.exe
- Size: 774KB
- MD5: 40e678e7d38a1541c06d16895d75f856
- SHA1: 5faee553c8dc1cc0492d7b8b78329ac56100c040
- SHA256: 7aa6ba1ed3e72514eac19d8b9ee4f95a17e33b63159bc75bd57ad8b38ce6361e
- SHA512: 4abce8638860dc80ec23516aba60cd1c87a66c8a98fb62730e042a8f78841afe45fd2c021f15395a06eb0b4b4e6a95809ce0d8d6806f95c2cc516caa7362be22
- XpertRAT Core Payload
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious use of SetThreadContext