Extracted

• • Target

    gunzipped.exe

  • Size

    1.5MB

  • MD5

    bde5cc055efbc8779784a94811e3e5a5

  • SHA1

    629afe08ffe9d3660e7fd3918122af70fa49a5fd

  • SHA256

    21d8f3869dae855f7ddb202eca9bc170074ab405c7741cbd4ffb48960494234f

  • SHA512

    bc5dc3ed61fa9d00866219395a8ef6cb64ef8b7ee2ad20034b5840d5a7d92816bac22f61175eed75ee039a929eb7184a90c3ee480346249a508768c9f6cf15ff

  Score

  10^/10

  xpertratsalesevasionpersistenceratspywarestealertrojanupx

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • XpertRAT

    XpertRAT is a remote access trojan with various capabilities.

    ratxpertrat

  • XpertRAT Core Payload

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Adds policy Run key to start application

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2