General
-
Target
27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9
-
Size
795KB
-
Sample
231012-szc2ksgh2x
-
MD5
102dfca73df9a539a34b886349365381
-
SHA1
35b90a9ae3dc136502102017c0488c5fc028eae1
-
SHA256
27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9
-
SHA512
4335a75a836ebb5c9f589d36bd9b96fa6c3c751ff37caf23805317cdd5082fef0fb3ed198ebdb90cde6e9700d4b0ede2233b6bab8cb421d193c1099510733316
-
SSDEEP
12288:Q84kSMdr3GNUAn9cNNeX8X/iTS46omh7lZyxa6A0KG384C26ygrxNU4Jpth9+8PZ:Q8fUc6ApGLC7ysxD1d/4e
Static task
static1
Behavioral task
behavioral1
Sample
27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
xpertrat
3.0.10
STRIGIO
sandshoe.myfirewall.org:5344
I8N3F0X7-G4E2-P2S0-T0D7-R1N2H5T660I4
Targets
-
-
Target
27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9
-
Size
795KB
-
MD5
102dfca73df9a539a34b886349365381
-
SHA1
35b90a9ae3dc136502102017c0488c5fc028eae1
-
SHA256
27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9
-
SHA512
4335a75a836ebb5c9f589d36bd9b96fa6c3c751ff37caf23805317cdd5082fef0fb3ed198ebdb90cde6e9700d4b0ede2233b6bab8cb421d193c1099510733316
-
SSDEEP
12288:Q84kSMdr3GNUAn9cNNeX8X/iTS46omh7lZyxa6A0KG384C26ygrxNU4Jpth9+8PZ:Q8fUc6ApGLC7ysxD1d/4e
-
XpertRAT Core payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Adds policy Run key to start application
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Program crash
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2