General
Target: 4ef7b35bd9151fc5538c06ae79a0e2fc.exe
Size: 1.4MB
Sample: 211007-pabwfacegj
MD5: 4ef7b35bd9151fc5538c06ae79a0e2fc
SHA1: c45198609f71e795ccc9e5a2ec1ad3162141da76
SHA256: 3e77ec2e0bbc394a1841bfb8f9b004f93fcbc35b401580abd01c92c41b6635aa
SHA512: aef9ad91b889f4c615dc278ebedc0017a32b3024fef812ae90929dac7c83a0cb4a41fcb26d4bee2588ffebf50745cdd9174a73e44b83db99fefccf6e9b18615d
Static task: static1
Behavioral task: behavioral1
Sample: 4ef7b35bd9151fc5538c06ae79a0e2fc.exe
Resource: win7-en-20210920
Malware Config
Extracted
Family: xpertrat
Version: 3.0.10
Botnet: Test
C2: kapasky-antivirus.firewall-gateway.net:4000
Mutex: L3Q7J4T2-J8A6-L6O4-W4G3-U5J7D0W2W5F0
Targets
Target: 4ef7b35bd9151fc5538c06ae79a0e2fc.exe
Size: 1.4MB
MD5: 4ef7b35bd9151fc5538c06ae79a0e2fc
SHA1: c45198609f71e795ccc9e5a2ec1ad3162141da76
SHA256: 3e77ec2e0bbc394a1841bfb8f9b004f93fcbc35b401580abd01c92c41b6635aa
SHA512: aef9ad91b889f4c615dc278ebedc0017a32b3024fef812ae90929dac7c83a0cb4a41fcb26d4bee2588ffebf50745cdd9174a73e44b83db99fefccf6e9b18615d
- XpertRAT Core Payload
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Adds policy Run key to start application
- Deletes itself
- Adds Run key to start application
- Program crash
- Suspicious use of SetThreadContext