General
-
Target
EXCEL.exe
-
Size
503KB
-
Sample
210930-km65wshac3
-
MD5
cb12b24b0f69225693168e9c35761a1b
-
SHA1
0f68f676d76e3546d7d625cdb14f0947c59beff5
-
SHA256
c830683f700f311fe3d533d849cf045b1cbed5ff76debaa6c3dd8f71c0daa535
-
SHA512
9d53b958b83d8599d0eb1ee4766f03a735cd557290921ded296513e34fd2886ff78382e9a1616613c566d0be9cd5c381fa4de6b86a921d0a33aac1c499d00c65
Static task
static1
Behavioral task
behavioral1
Sample
EXCEL.exe
Resource
win7-en-20210920
Malware Config
Extracted
xpertrat
3.0.10
Test
kapasky-antivirus.firewall-gateway.net:4000
L3Q7J4T2-J8A6-L6O4-W4G3-U5J7D0W2W5F0
Targets
-
-
Target
EXCEL.exe
-
Size
503KB
-
MD5
cb12b24b0f69225693168e9c35761a1b
-
SHA1
0f68f676d76e3546d7d625cdb14f0947c59beff5
-
SHA256
c830683f700f311fe3d533d849cf045b1cbed5ff76debaa6c3dd8f71c0daa535
-
SHA512
9d53b958b83d8599d0eb1ee4766f03a735cd557290921ded296513e34fd2886ff78382e9a1616613c566d0be9cd5c381fa4de6b86a921d0a33aac1c499d00c65
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-