General
-
Target
7560b03d9721036181565287e85d9525.exe
-
Size
1.1MB
-
Sample
211015-jm5rdsbddq
-
MD5
7560b03d9721036181565287e85d9525
-
SHA1
447c0d915c9236b5f3221bfbe05e5b57785d3142
-
SHA256
f2926aaea4603961e15c9ac92eb599ddd51bd6e19bd7fded285a1db16753db87
-
SHA512
fb38977856b6d4702b1793916c90b0b595dc8881457d6a2a98ba488f80e444314a5e1cdaa0f6a741e6c12b129195fd04f499d84a4cca32386c64fe58ccdfe583
Malware Config
Targets
-
-
Target
7560b03d9721036181565287e85d9525.exe
-
Size
1.1MB
-
MD5
7560b03d9721036181565287e85d9525
-
SHA1
447c0d915c9236b5f3221bfbe05e5b57785d3142
-
SHA256
f2926aaea4603961e15c9ac92eb599ddd51bd6e19bd7fded285a1db16753db87
-
SHA512
fb38977856b6d4702b1793916c90b0b595dc8881457d6a2a98ba488f80e444314a5e1cdaa0f6a741e6c12b129195fd04f499d84a4cca32386c64fe58ccdfe583
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Adds policy Run key to start application
-
Deletes itself
-
Windows security modification
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-