xpertrat | b642ee9e0c62dcbb71ca4e722dc7a45e090ac60bd35f34c3199ad98c568cde6b | Triage

Submit
Reports

Overview

overview

Static

static

Castor.exe

windows7_x64

Castor.exe

windows10_x64

Sharing

General

Target

Castor.exe
Size

172KB
Sample

201021-675ch83rj2
MD5

720f271211bc96a23df00598e1f15656
SHA1

2cb26257e261f7c0a2d82405b76963f4008fd531
SHA256

b642ee9e0c62dcbb71ca4e722dc7a45e090ac60bd35f34c3199ad98c568cde6b
SHA512

924fe625eff79a0a275f0389fbb42bffcc74b2263054b390f42a7e51121611617b362d23d8010a8102f67769d6a3935d117003352da1a7b286545450e53c3645

Score

10^/10

xpertrat micro evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Castor.exe

Resource

win7v200722

xpertrat micro evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Castor.exe

Resource

win10

xpertrat micro evasion persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xpertrat

Version

3.0.10

Botnet

micro

C2

127.0.0.1:666

185.165.153.219:2819

Mutex

V1B5T2E0-T6R4-O5P1-P7G0-X443Q1Y6T3M3

Targets

- Target
  
  Castor.exe
- Size
  
  172KB
- MD5
  
  720f271211bc96a23df00598e1f15656
- SHA1
  
  2cb26257e261f7c0a2d82405b76963f4008fd531
- SHA256
  
  b642ee9e0c62dcbb71ca4e722dc7a45e090ac60bd35f34c3199ad98c568cde6b
- SHA512
  
  924fe625eff79a0a275f0389fbb42bffcc74b2263054b390f42a7e51121611617b362d23d8010a8102f67769d6a3935d117003352da1a7b286545450e53c3645
Score

10^/10

xpertrat micro evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- XpertRAT Core Payload
- Adds policy Run key to start application
  persistence
- Deletes itself
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Program crash
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratmicroevasionpersistencerattrojan

behavioral2

xpertratmicroevasionpersistencerattrojan

© 2018-2024

Terms | Privacy