General
-
Target
SecuriteInfo.com.ArtemisTrojan.29409
-
Size
1.0MB
-
Sample
201125-m9haf868je
-
MD5
a46cbc94fc5553868d63469acad6747f
-
SHA1
6ca6c3d3fe0b5826c6b3d82144ab745bea2226f7
-
SHA256
187cd525a046dd304b15ad47a1f8923546cc97a21afae5a2344cf8cac5c5b550
-
SHA512
0151f9a54ce8a023da7e3450973b2a1718dc6b234c5f53f97e2f08fbff3b8c465cebcc1be53503d76b404cf7ee5ce22c56478a261376fa622ae826122d4dd17c
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.ArtemisTrojan.29409.exe
Resource
win7v20201028
Malware Config
Extracted
xpertrat
3.0.10
special X
zytriew.duckdns.org:4145
papertyy.duckdns.org:4145
ghytrty.duckdns.org:4145
J0X3M1G4-A0Q6-T8A5-M5I7-G224Y4X0N7E0
Targets
-
Target
SecuriteInfo.com.ArtemisTrojan.29409
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-