xpertrat | 28b2e9be250b41e1f4ec167dff3620f09597b7292ad23f0c48a8d6cdcc388959 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ_#76242788162.exe

windows7_x64

RFQ_#76242788162.exe

windows10_x64

Sharing

General

Target

RFQ_#76242788162.exe
Size

179KB
Sample

201016-cwrczk6hke
MD5

441ef18a2da7b635c7861e9a502a938b
SHA1

63721215f57495860838e078f0bb73d00ce4817a
SHA256

28b2e9be250b41e1f4ec167dff3620f09597b7292ad23f0c48a8d6cdcc388959
SHA512

e59fe8c48c52405ca03bf2f8ae63eb24dd236411e2ef0210ab8a1cd26faf906d0b13dd4f76ca9816e98b4bbbf8a7e8ed57588c631d9667119e1396525e95dd94

Score

10^/10

xpertrat special x evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ_#76242788162.exe

Resource

win7

xpertrat special x evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ_#76242788162.exe

Resource

win10

xpertrat special x evasion persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xpertrat

Version

3.0.10

Botnet

special X

C2

zytriew.duckdns.org:4141

Mutex

Y6K1I7G5-B5F3-V3F4-S5A6-T0V116U8H550

Targets

- Target
  
  RFQ_#76242788162.exe
- Size
  
  179KB
- MD5
  
  441ef18a2da7b635c7861e9a502a938b
- SHA1
  
  63721215f57495860838e078f0bb73d00ce4817a
- SHA256
  
  28b2e9be250b41e1f4ec167dff3620f09597b7292ad23f0c48a8d6cdcc388959
- SHA512
  
  e59fe8c48c52405ca03bf2f8ae63eb24dd236411e2ef0210ab8a1cd26faf906d0b13dd4f76ca9816e98b4bbbf8a7e8ed57588c631d9667119e1396525e95dd94
Score

10^/10

xpertrat special x evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- XpertRAT Core Payload
- Adds policy Run key to start application
  persistence
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratspecial xevasionpersistencerattrojan

behavioral2

xpertratspecial xevasionpersistencerattrojan

© 2018-2024

Terms | Privacy