General
-
Target
gunzipped
-
Size
765KB
-
Sample
201027-s29tmeanws
-
MD5
2f7687172e06c6868282ba3e1428aaeb
-
SHA1
3c280b0e41b375b1748884eb1e3413c79f8c5c9a
-
SHA256
88b664781d7b10fc5130cf6453fbde5b26b129f0e2f5e002d62be833b0fcd020
-
SHA512
952301e069759ffb1c7cb71088525cd7c3460398e251d9c375a8dcb9123d3cf41e1fc4f19114ab7eae849acb3c044ccba39ec28184bb7f5197b4a3acbc406151
Malware Config
Extracted
xpertrat
3.0.10
Test
185.244.30.211:4576
G2L6E3O1-E775-G5K4-R4C2-P5F660S1R4A8
Targets
-
-
Target
gunzipped
-
Size
765KB
-
MD5
2f7687172e06c6868282ba3e1428aaeb
-
SHA1
3c280b0e41b375b1748884eb1e3413c79f8c5c9a
-
SHA256
88b664781d7b10fc5130cf6453fbde5b26b129f0e2f5e002d62be833b0fcd020
-
SHA512
952301e069759ffb1c7cb71088525cd7c3460398e251d9c375a8dcb9123d3cf41e1fc4f19114ab7eae849acb3c044ccba39ec28184bb7f5197b4a3acbc406151
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-