xpertrat | 4526afe3639de66f7311ab5a6ad2bd6ca4d12d8198f39f276ef114cb8b7e58e3 | Triage

Sharing

General

Target

4526afe3639de66f7311ab5a6ad2bd6ca4d12d8198f39f276ef114cb8b7e58e3
Size

268KB
MD5

768db8b43ed2902e9d7302ec84754585
SHA1

d44d3a6bec102fd2e10e31fd5a2af466e79a9439
SHA256

4526afe3639de66f7311ab5a6ad2bd6ca4d12d8198f39f276ef114cb8b7e58e3
SHA512

d8249425f3f8e14407a6d461c84788b3ad756c738d548610232bb9077ed3f9582915603e33da37c0b5c2b9ba83cb4955eb12685ec2501d1bd9bbab279c1785b2
SSDEEP

3072:N4evOVoI9v0QhO3UZuGAT1PFluuXD5FNof9ziCl7xJMJa/Z6CNvS+xkfx:Mrh0hFtFe9mCBsJaci6+u

Score

10^/10

xbox xpertrat

Malware Config

Extracted

Family

xpertrat

Version

3.0.10

Botnet

xbox

C2

91.193.75.200:4726

79.134.225.97:4726

Mutex

P4U8N5X3-N0E7-P7T5-M113-K7R6K4S0G6G6

Signatures

XpertRAT Core payload 1 IoCs

Processes:

resource yara_rule

sample xpertrat
Xpertrat family
xpertrat

Files

4526afe3639de66f7311ab5a6ad2bd6ca4d12d8198f39f276ef114cb8b7e58e3
.exe windows x86

237ca8bf125d5d9e5ef0f3b7aae627ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IIDFromString

msvbvm60

EVENT_SINK_GetIDsOfNames
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord519
ord660
ord553
ord661
ord666
ord667
Zombie_GetTypeInfo
ord669
ord593
ord300
ord594
ord301
ord598
ord599
ord306
ord520
ord307
ord521
ord523
ord709
ord631
ord632
ord525
EVENT_SINK_AddRef
ord527
ord528
ord529
DllFunctionCall
ord563
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord713
ord606
ord607
ord608
ord531
ord716
ord717
ord319
ProcCallEngine
ord535
ord536
ord537
ord644
ord538
ord645
ord570
ord648
ord572
Zombie_AddRef
ord681
ord576
ord577
ord578
ord685
ord100
ord579
ord320
ord321
ord616
ord617
ord618
ord619
ord542
ord650
ord543
ord544
ord545
ord546
ord547
ord580
ord581

Sections

.text
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ