General
-
Target
Új megrendelés - 00905173088 CPTL árajánlat - egyenként 100.exe
-
Size
110KB
-
Sample
240208-qlmyhsfd78
-
MD5
e18a8e37b5d2cfaec89222fd74c88081
-
SHA1
19a794cb433dc4445e33becc7c2ce7d211baefa6
-
SHA256
31ec85607b59877f42e791a2ac23d8c8c95edc8bad7fc0939a90a3807f445c6d
-
SHA512
287358b925ff7a6e214ea29612461c94fbc12eb145a8ed3cfc8a7400151a6fe7ebc399d6ae0ad22d31dd8b9e2082668957a30baca807502cf1a78beb33b5c2c8
-
SSDEEP
1536:Kx+EiewYluxHtThsiP34bbCaFJqIc5fpD7/xL:KrvyRhsiffaKIc5hDF
Static task
static1
Behavioral task
behavioral1
Sample
Új megrendelés - 00905173088 CPTL árajánlat - egyenként 100.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Új megrendelés - 00905173088 CPTL árajánlat - egyenként 100.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
xpertrat
3.0.10
BLAZE
twart.myfirewall.org:5344
A6G228Q5-H8G1-F1T6-U4K6-C1J007E2X0Y8
Targets
-
-
Target
Új megrendelés - 00905173088 CPTL árajánlat - egyenként 100.exe
-
Size
110KB
-
MD5
e18a8e37b5d2cfaec89222fd74c88081
-
SHA1
19a794cb433dc4445e33becc7c2ce7d211baefa6
-
SHA256
31ec85607b59877f42e791a2ac23d8c8c95edc8bad7fc0939a90a3807f445c6d
-
SHA512
287358b925ff7a6e214ea29612461c94fbc12eb145a8ed3cfc8a7400151a6fe7ebc399d6ae0ad22d31dd8b9e2082668957a30baca807502cf1a78beb33b5c2c8
-
SSDEEP
1536:Kx+EiewYluxHtThsiP34bbCaFJqIc5fpD7/xL:KrvyRhsiffaKIc5hDF
-
XpertRAT Core payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Adds policy Run key to start application
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2