General
-
Target
be15093a407e5b70f5539df5eb1c18d0aedee626f6dc7e9db262c29bfe39ba3c
-
Size
604KB
-
Sample
231012-txy2psde75
-
MD5
cb1ccbc5c88657e1f63a2cd3b1c240b6
-
SHA1
f237f76e21cbe5edf11a33ba05265df25c665050
-
SHA256
be15093a407e5b70f5539df5eb1c18d0aedee626f6dc7e9db262c29bfe39ba3c
-
SHA512
0a08c6bb26268d1a902c9bbb28a583e364e565d745fa83a4bc3ef2d4ecd237a049f192467476bb0fd0f0c14addc8be4412481f8cb8e6a1a6dcec36d600d46298
-
SSDEEP
12288:BYWAfDuHOXdZV8c5ZGdMc5aMWjrP8N3+Qk0Duy:BYWgTZScqpUP8NEA7
Static task
static1
Behavioral task
behavioral1
Sample
be15093a407e5b70f5539df5eb1c18d0aedee626f6dc7e9db262c29bfe39ba3c.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
be15093a407e5b70f5539df5eb1c18d0aedee626f6dc7e9db262c29bfe39ba3c.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
xpertrat
3.0.10
STRIGIO
sandshoe.myfirewall.org:5344
I8N3F0X7-G4E2-P2S0-T0D7-R1N2H5T660I4
Targets
-
-
Target
be15093a407e5b70f5539df5eb1c18d0aedee626f6dc7e9db262c29bfe39ba3c
-
Size
604KB
-
MD5
cb1ccbc5c88657e1f63a2cd3b1c240b6
-
SHA1
f237f76e21cbe5edf11a33ba05265df25c665050
-
SHA256
be15093a407e5b70f5539df5eb1c18d0aedee626f6dc7e9db262c29bfe39ba3c
-
SHA512
0a08c6bb26268d1a902c9bbb28a583e364e565d745fa83a4bc3ef2d4ecd237a049f192467476bb0fd0f0c14addc8be4412481f8cb8e6a1a6dcec36d600d46298
-
SSDEEP
12288:BYWAfDuHOXdZV8c5ZGdMc5aMWjrP8N3+Qk0Duy:BYWgTZScqpUP8NEA7
-
XpertRAT Core payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Adds policy Run key to start application
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Program crash
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2