General
-
Target
ExpertRat
-
Size
805KB
-
Sample
200908-1lzh9l67ce
-
MD5
0ca753d4699587ff19e0cd5719edaff8
-
SHA1
d465c0b0f0d4aef7da057dcf5a9eefe5cf7e62ee
-
SHA256
08927d7955b1be7fd05d81a73057242117540094dda7cca1c162f3aea18c2854
-
SHA512
ba14ad1651c7b4aefcdec9096312c1ede3c9d11c82393d24c066da74d55f8a059be4ce3dcc1013fb0f06741cb1e2e8346d72860cf8d81214e9a0328ea7894567
Malware Config
Extracted
xpertrat
3.0.10
win
91.193.75.200:4726
N3S7K4V2-L8C6-M6Q5-Y5I3-V6L7F1Y2X5G0
Targets
-
-
Target
ExpertRat
-
Size
805KB
-
MD5
0ca753d4699587ff19e0cd5719edaff8
-
SHA1
d465c0b0f0d4aef7da057dcf5a9eefe5cf7e62ee
-
SHA256
08927d7955b1be7fd05d81a73057242117540094dda7cca1c162f3aea18c2854
-
SHA512
ba14ad1651c7b4aefcdec9096312c1ede3c9d11c82393d24c066da74d55f8a059be4ce3dcc1013fb0f06741cb1e2e8346d72860cf8d81214e9a0328ea7894567
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Adds policy Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-