General
Target: dc2492ebf0fca4a52c41433c0e289750.exe
Size: 887KB
Sample: 210629-a3dsncp872
MD5: dc2492ebf0fca4a52c41433c0e289750
SHA1: 00c52f686027dc00d98b1aad58e074bcfd92f765
SHA256: 79aa4d81cf5455a126a2b7474067f392acc392370fa6ae0a62f7e1e0271775c2
SHA512: 4ea3f881fd61a0b34b723cf3e0f91ab88aed1561d0de1156c83c438e34d214950433fe616a7f57e50034ab72c1acdece1b734be06a4e79bcecb5e3dbcc1bb3ae
Static task: static1
Behavioral task: behavioral1
Sample: dc2492ebf0fca4a52c41433c0e289750.exe
Resource: win7v20210408
Malware Config
Extracted
xpertrat
3.0.10
special X
mertrerfeyy.duckdns.org:8494
gwtruwhgw.duckdns.org:8494
dfgrttuutii.duckdns.org:8494
M2P7W1K1-J110-W5Y5-F7Y0-B2B7A0M6B1K7
Targets
Target
dc2492ebf0fca4a52c41433c0e289750.exe
XpertRAT Core Payload
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Adds policy Run key to start application
Adds Run key to start application
Program crash
Suspicious use of SetThreadContext