xpertrat | d5325b0dfdd73327d48c0e069567ce843a68f10d7fe0301a74dad13d6422eee2 | Triage

Submit
Reports

Overview

overview

Static

static

d76c5a676e...5d.exe

windows7_x64

d76c5a676e...5d.exe

windows10_x64

Sharing

General

Target

d76c5a676e641b431ac0a9dded9c505d.exe
Size

823KB
Sample

210421-1p191zhsbx
MD5

d76c5a676e641b431ac0a9dded9c505d
SHA1

62bc6251747312cc7307c2c49cf14d511d0bfcdd
SHA256

d5325b0dfdd73327d48c0e069567ce843a68f10d7fe0301a74dad13d6422eee2
SHA512

0c4c8206529fe1469476e2e51c01a6bf3d6a5444c223ed074925c324fe235214272d010ab42ce9478f2e31a7f7aff6d7eb885f569d7cc7ac67c27aa6c49b73c9

Score

10^/10

xpertrat xxx evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

d76c5a676e641b431ac0a9dded9c505d.exe

Resource

win7v20210408

xpertrat xxx evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d76c5a676e641b431ac0a9dded9c505d.exe

Resource

win10v20210410

xpertrat xxx evasion persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xpertrat

Version

3.0.10

Botnet

XXX

C2

kapasky-antivirus.firewall-gateway.net:2054

kapasky-antivirus.firewall-gateway.net:4000

Mutex

U4G3L113-M7Y0-X0M5-M3D5-U8C7U551Q8Q7

Targets

- Target
  
  d76c5a676e641b431ac0a9dded9c505d.exe
- Size
  
  823KB
- MD5
  
  d76c5a676e641b431ac0a9dded9c505d
- SHA1
  
  62bc6251747312cc7307c2c49cf14d511d0bfcdd
- SHA256
  
  d5325b0dfdd73327d48c0e069567ce843a68f10d7fe0301a74dad13d6422eee2
- SHA512
  
  0c4c8206529fe1469476e2e51c01a6bf3d6a5444c223ed074925c324fe235214272d010ab42ce9478f2e31a7f7aff6d7eb885f569d7cc7ac67c27aa6c49b73c9
Score

10^/10

xpertrat xxx evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- XpertRAT Core Payload
- Adds policy Run key to start application
  persistence
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xpertratxxxevasionpersistencerattrojan

behavioral2

xpertratxxxevasionpersistencerattrojan

© 2018-2024

Terms | Privacy