General

  • Target

    2244-16-0x0000000000400000-0x0000000000443000-memory.dmp

  • Size

    268KB

  • MD5

    21269701cf0d489430f113e635f5ff81

  • SHA1

    b36bd800222d19d6086bbb3418dadb9e467a1297

  • SHA256

    5da0479b3fff8180673c97b47682cb6a65417402b7e5b94648fae1d399fc3145

  • SHA512

    b90b86c12898a64583933b7a4f7964f7d871a55e79fc22ef7f1072b9fc2872e5c8dbff0dbee8621b8ca979cb4b7025b4a16c00eaa02fcc7337375fb54c78f49d

  • SSDEEP

    3072:Q4evOVoI9v0QhO3UZuGAT1PFluuXD5FNof9ziCl7xJMJa/Z6CNvS+xkE2:7rh0hFtFe9mCBsJaci6+a

Score
10/10

Malware Config

Extracted

  • Family: xpertrat
  • Version: 3.0.10
  • Botnet: BLAZE
  • C2: twart.myfirewall.org:5344
  • Mutex: A6G228Q5-H8G1-F1T6-U4K6-C1J007E2X0Y8

Signatures

  • XpertRAT Core payload (1 IoC)
  • Xpertrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2244-16-0x0000000000400000-0x0000000000443000-memory.dmp
    .exe windows:4 windows x86 arch:x86

    237ca8bf125d5d9e5ef0f3b7aae627ff

