General
-
Target
SecuriteInfo.com.Trojan.Siggen10.31344.29315.6962
-
Size
932KB
-
Sample
201008-zrh3wzxxc2
-
MD5
ff05aef9ab76c8f7c5983a2ce3d4e02d
-
SHA1
953459a3a1e598c1d7c28f5a2e52b7c982bc904b
-
SHA256
5183105aacaf926e7358ff33a1503e58d712a9fc97800bbe8e26132284acb414
-
SHA512
b9749ae87e74ac1f591e1fb2eca66dba4f7ee2836424de28c92fd9bed5a85408b1ea7c483e4793c4f50d823ba1dd6ddd60e321d201f31c3388c411aec65903b2
Malware Config
Extracted
xpertrat
3.0.10
xbox
91.193.75.200:4726
79.134.225.97:4726
P4U8N5X3-N0E7-P7T5-M113-K7R6K4S0G6G6
Targets
-
-
Target
SecuriteInfo.com.Trojan.Siggen10.31344.29315.6962
-
Size
932KB
-
MD5
ff05aef9ab76c8f7c5983a2ce3d4e02d
-
SHA1
953459a3a1e598c1d7c28f5a2e52b7c982bc904b
-
SHA256
5183105aacaf926e7358ff33a1503e58d712a9fc97800bbe8e26132284acb414
-
SHA512
b9749ae87e74ac1f591e1fb2eca66dba4f7ee2836424de28c92fd9bed5a85408b1ea7c483e4793c4f50d823ba1dd6ddd60e321d201f31c3388c411aec65903b2
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-