General
-
Target
9443d3d69b5e62fb2c944c1bc14b4d4ad21f3e0c70826b0d800e09eb9fb82d3f
-
Size
11KB
-
Sample
211001-lqnndsbdf4
-
MD5
b5793c6501fdaa272cb87931977d4aac
-
SHA1
9b2395ad21e369ebdf743188aec19f32a56567ad
-
SHA256
9443d3d69b5e62fb2c944c1bc14b4d4ad21f3e0c70826b0d800e09eb9fb82d3f
-
SHA512
d66165ac1263e19a443298de27b2b74d776909cc3a30f280f951d7e561b5a628935168c931e3b74ea8e6d4567d8a34b6d42fa502842ddda9eb89704e745204f8
Static task
static1
Malware Config
Extracted
xpertrat
3.0.10
Test
kapasky-antivirus.firewall-gateway.net:4000
L3Q7J4T2-J8A6-L6O4-W4G3-U5J7D0W2W5F0
Targets
-
XpertRAT Core Payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Adds policy Run key to start application
-
Deletes itself
-
Adds Run key to start application
-
Program crash
-
Suspicious use of SetThreadContext
-