General
Target
810436f7d29ced22beac8734da3acacf.exe
Size
772KB
Sample
210712-e5z67ryvhn
MD5
810436f7d29ced22beac8734da3acacf
SHA1
d057887e566aa744eb8c82fc5ac05132ece9e218
SHA256
86214e9a4b21afd0a46c93ee39eb99b188e43cc773a15f632fe8bea3169ee0a5
SHA512
d1f97c990abe6eb28289d36d3c20a21e078bd5561d4765ca202be24a570a742cc37cd063195581e7b6ebd02705f453ee532b59239a6c06195856727339d3fbb7
Static task
static1
Behavioral task
behavioral1
Sample
810436f7d29ced22beac8734da3acacf.exe
Resource
win7v20210410
Malware Config
Extracted
xpertrat
3.1.9
BXK
ioxg.ix.tc:4000
R4W8O5A3-P0G7-Q7U5-H114-L7S6L4U0I6I6
Targets
Target
810436f7d29ced22beac8734da3acacf.exe
XpertRAT Core Payload
Adds policy Run key to start application
Adds Run key to start application
Suspicious use of SetThreadContext