General
Target: 452ea764a4f629c9c4d6880aa215928a.exe
Size: 433KB
Sample: 210929-hx9mnaeagp
MD5: 452ea764a4f629c9c4d6880aa215928a
SHA1: 9b69fcd3856d302da2506e84f220b26dd926e061
SHA256: e4b8184869d65a34fb9e0fb43d8b6c252cb153f7139485e3fde6d02cd6898242
SHA512: c0898afc925e5a6099ca6ba8468aa6ef528b94f921036db0445dd5b2f575fbf4bb25994196fe4af387c43542720215b29422e241e6da172aad22c8824e2281a0
Static task: static1
Behavioral task: behavioral1
Sample: 452ea764a4f629c9c4d6880aa215928a.exe
Resource: win7-en-20210920
Malware Config
Extracted
xpertrat
3.0.10
Test
kapasky-antivirus.firewall-gateway.net:4000
L3Q7J4T2-J8A6-L6O4-W4G3-U5J7D0W2W5F0
Targets
Target: 452ea764a4f629c9c4d6880aa215928a.exe
XpertRAT Core Payload
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Adds policy Run key to start application
Deletes itself
Adds Run key to start application
Program crash
Suspicious use of SetThreadContext