SecuriteInfo.com.ArtemisTrojan.29409

General
Target: SecuriteInfo.com.ArtemisTrojan.29409
Size: 1MB
Sample: 201125-m9haf868je
Score: 10/10
MD5: a46cbc94fc5553868d63469acad6747f
SHA1: 6ca6c3d3fe0b5826c6b3d82144ab745bea2226f7
SHA256: 187cd525a046dd304b15ad47a1f8923546cc97a21afae5a2344cf8cac5c5b550
SHA512: 0151f9a54ce8a023da7e3450973b2a1718dc6b234c5f53f97e2f08fbff3b8c465cebcc1be53503d76b404cf7ee5ce22c56478a261376fa622ae826122d4dd17c

Malware Config
Targets: SecuriteInfo.com.ArtemisTrojan.29409 (the same sample as listed under General: 1MB, score 10/10, MD5 a46cbc94fc5553868d63469acad6747f)

Signatures

  • UAC bypass
    TTPs: Bypass User Account Control, Disabling Security Tools, Modify Registry
  • Windows security bypass
    TTPs: Disabling Security Tools, Modify Registry
  • XpertRAT
    Description: XpertRAT is a remote access trojan with various capabilities.
  • XpertRAT Core Payload
  • Adds policy Run key to start application
    TTPs: Registry Run Keys / Startup Folder, Modify Registry
  • Windows security modification
    TTPs: Disabling Security Tools, Modify Registry
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder, Modify Registry
  • Checks whether UAC is enabled
    TTPs: System Information Discovery
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks
  • static1: score 9/10