General
Target: 533fe2e3602ede540e261fef7e04b711.exe
Size: 60KB
Sample: 211006-lkfqlaahh2
MD5: 533fe2e3602ede540e261fef7e04b711
SHA1: 945e2931b4ca160f9f3025e740cc19e75db25bf6
SHA256: 1a55b87ef779fe996b8aef3e98ea9252a5ce3a02d3a0a87000554bd41033a215
SHA512: c43c0587b660b8f3a03d04e04c953c7ba5375dfec6f23de71e0bab7888e154216a8c38b9f422d854ef14483b6fac93874e0d5483634c7d6d6497088268453184
Static task: static1
Behavioral task: behavioral1
Sample: 533fe2e3602ede540e261fef7e04b711.exe
Resource: win7v20210408
Malware Config
Extracted
xpertrat
3.0.10
Test
kapasky-antivirus.firewall-gateway.net:4000
L3Q7J4T2-J8A6-L6O4-W4G3-U5J7D0W2W5F0
Targets
XpertRAT Core Payload
Adds policy Run key to start application
Deletes itself
Adds Run key to start application
Suspicious use of SetThreadContext