General
-
Target
Specification 788919754.pdf img ind.exe
-
Size
411KB
-
Sample
200817-h4pjdtget2
-
MD5
b93e8fe38d0df20ba517b9d531660a4e
-
SHA1
ebc70668346f27b9c31759b335c3f6cb619c71b5
-
SHA256
293bf5eeec6d5d30ee3b3d26f73d6cb81f4e080a449774fc8d2c3a724454f521
-
SHA512
fa07022ab0d2d48066017e8283a9adab2fa2f8aebac2113ec451bd5b339639d0771fd975a92072bdabb24c24f4f40c25707aa9ec3d906104db9c59ba6ddf675d
Malware Config
Extracted
xpertrat
3.0.10
special X
sandshoe.myfirewall.org:4000
79.134.225.85:4000
F4S7P6J0-V116-K8H5-A6F1-U1L8V8A4B6R5
Targets
-
-
Target
Specification 788919754.pdf img ind.exe
-
Size
411KB
-
MD5
b93e8fe38d0df20ba517b9d531660a4e
-
SHA1
ebc70668346f27b9c31759b335c3f6cb619c71b5
-
SHA256
293bf5eeec6d5d30ee3b3d26f73d6cb81f4e080a449774fc8d2c3a724454f521
-
SHA512
fa07022ab0d2d48066017e8283a9adab2fa2f8aebac2113ec451bd5b339639d0771fd975a92072bdabb24c24f4f40c25707aa9ec3d906104db9c59ba6ddf675d
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-