MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57db1b0dea41c81d8ad105c99524ede8c1e2d305405f1a40dffc487b7e79ac7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 57db1b0dea41c81d8ad105c99524ede8c1e2d305405f1a40dffc487b7e79ac7e
SHA3-384 hash: db87df0afc3206a402fbf6e8475b78fd1cce27f8d597be24f9d675ae94453ba1d316b9801f63097611079c7221bf1870
SHA1 hash: 16be00deba7aa17d0d2548857aa574b996d8c570
MD5 hash: 146a8502915e143281af081d51621b96
humanhash: two-cat-pizza-sierra
File name: Chemicals Genaral presentation.gz
Signature: XpertRAT
File size: 255'719 bytes
First seen: 2020-06-30 09:04:34 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:jxVJ7XF7xVbcNb+dIcUpE9l0ZKdAXCYap9IZZNubkdre1WwM3FC8Ss3C47s:jxT5VCBp47ICL6ZPqK+vALSs3CP
TLSH: B044239C259B268FE844E2410751F24DF191ABC24ED65CEA018D223B5FF7395A1AFEC8
Reporter: @abuse_ch
Tags: gz, nVpn, RAT, XpertRAT


Twitter: @abuse_ch
Malspam distributing XpertRAT:

HELO: vps.gibalto.es
Sending IP: 82.194.93.48
From: procurement <procurement@airproducts.com>
Subject: Tender
Attachment: Chemicals Genaral presentation.gz (contains "Chemicals Genaral presentation.exe")

XpertRAT C2:
79.134.225.85:3135

Hosted on nVpn:

% Information related to '79.134.225.64 - 79.134.225.127'

% Abuse contact for '79.134.225.64 - 79.134.225.127' is 'abuse@your-vpn.network'

inetnum: 79.134.225.64 - 79.134.225.127
netname: YOUR_VPN_NETWORK
country: DE
remarks: ****************************************************
remarks: This subnet belongs to a VPN service provider.
remarks: We protect the right to privacy, which means
remarks: we don't log the activities of our users.
remarks: ****************************************************
admin-c: EH4074-RIPE
tech-c: YVN10-RIPE
status: ASSIGNED PA
abuse-c: YVN10-RIPE
org: ORG-YVN1-RIPE
mnt-by: AF15-MNT
created: 2019-07-19T18:26:38Z
last-modified: 2019-07-19T18:51:28Z
source: RIPE

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 33
Origin country: FR
ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB: Detection: n/a
Link: https://mwdb.cert.pl/sample/57db1b0dea41c81d8ad105c99524ede8c1e2d305405f1a40dffc487b7e79ac7e/
ReversingLabs: Status: Benign
Threat name: No data
First seen: 2020-06-30 09:06:05 UTC
AV detection: No data
Trust factor:
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  XpertRAT
    gz 57db1b0dea41c81d8ad105c99524ede8c1e2d305405f1a40dffc487b7e79ac7e (this sample)
      Dropping: XpertRAT

Delivery method: Distributed via e-mail attachment

Comments