Extracted

• • Target

    ExpertRat

  • Size

    805KB

  • MD5

    0ca753d4699587ff19e0cd5719edaff8

  • SHA1

    d465c0b0f0d4aef7da057dcf5a9eefe5cf7e62ee

  • SHA256

    08927d7955b1be7fd05d81a73057242117540094dda7cca1c162f3aea18c2854

  • SHA512

    ba14ad1651c7b4aefcdec9096312c1ede3c9d11c82393d24c066da74d55f8a059be4ce3dcc1013fb0f06741cb1e2e8346d72860cf8d81214e9a0328ea7894567

  Score

  10^/10

  xpertratwinevasionpersistencerattrojanupx

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • XpertRAT

    XpertRAT is a remote access trojan with various capabilities.

    ratxpertrat

  • XpertRAT Core Payload

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Adds policy Run key to start application

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Program crash

  • Suspicious use of SetThreadContext

  behavioral1behavioral2