General

  • Target

    SecuriteInfo.com.ArtemisTrojan.29409

  • Size

    1.0MB

  • Sample

    201125-m9haf868je

  • MD5

    a46cbc94fc5553868d63469acad6747f

  • SHA1

    6ca6c3d3fe0b5826c6b3d82144ab745bea2226f7

  • SHA256

    187cd525a046dd304b15ad47a1f8923546cc97a21afae5a2344cf8cac5c5b550

  • SHA512

    0151f9a54ce8a023da7e3450973b2a1718dc6b234c5f53f97e2f08fbff3b8c465cebcc1be53503d76b404cf7ee5ce22c56478a261376fa622ae826122d4dd17c

Malware Config

Extracted

  • Family

    xpertrat

  • Version

    3.0.10

  • Botnet

    special X

  • C2

    zytriew.duckdns.org:4145
    papertyy.duckdns.org:4145
    ghytrty.duckdns.org:4145

  • Mutex

    J0X3M1G4-A0Q6-T8A5-M5I7-G224Y4X0N7E0

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                           Count  ID
  Persistence           Registry Run Keys / Startup Folder  2      T1060
  Privilege Escalation  Bypass User Account Control         1      T1088
  Defense Evasion       Bypass User Account Control         1      T1088
  Defense Evasion       Disabling Security Tools            3      T1089
  Defense Evasion       Modify Registry                     6      T1112
  Discovery             System Information Discovery        1      T1082

Tasks