General
Target: Order#003356.exe
Size: 578KB
Sample: 211119-kta12ahghq
MD5: 4ee5645606ba227982aa4534041f3fda
SHA1: 6528cfad6522e6da12771efe0089b9e9ac18a48a
SHA256: c5add9cb099cfea7574003d74a2f4ef075362ed2c70ade79aad6af0286115cb4
SHA512: c393f0b11b52707b3c696eb96a7be4a544ecd3be96b6717dea6a9efee94b94fb8a6e234fe8800c6c15f5db3626bc6af7ef51ce6d02b00a8a845dfef403997b13

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: Order#003356.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Order#003356.exe
  Resource: win10-en-20211014

Malware Config
Extracted:
  xpertrat
  3.0.10
  BECK CLIENT
  accessgran.ydns.eu:6706
  R0W4O1A8-P5N3-X331-D1M0-A2W4Q6D8C2R6

Targets
Target: Order#003356.exe
Size: 578KB
MD5: 4ee5645606ba227982aa4534041f3fda
SHA1: 6528cfad6522e6da12771efe0089b9e9ac18a48a
SHA256: c5add9cb099cfea7574003d74a2f4ef075362ed2c70ade79aad6af0286115cb4
SHA512: c393f0b11b52707b3c696eb96a7be4a544ecd3be96b6717dea6a9efee94b94fb8a6e234fe8800c6c15f5db3626bc6af7ef51ce6d02b00a8a845dfef403997b13

Signatures
- XpertRAT Core Payload
- Looks for VirtualBox Guest Additions in registry
- Adds policy Run key to start application
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Program crash
- Suspicious use of SetThreadContext