General
-
Target
40e678e7d38a1541c06d16895d75f856.exe
-
Size
774KB
-
Sample
210421-glv2eppk8e
-
MD5
40e678e7d38a1541c06d16895d75f856
-
SHA1
5faee553c8dc1cc0492d7b8b78329ac56100c040
-
SHA256
7aa6ba1ed3e72514eac19d8b9ee4f95a17e33b63159bc75bd57ad8b38ce6361e
-
SHA512
4abce8638860dc80ec23516aba60cd1c87a66c8a98fb62730e042a8f78841afe45fd2c021f15395a06eb0b4b4e6a95809ce0d8d6806f95c2cc516caa7362be22
Malware Config
Extracted
xpertrat
3.0.10
XXX
kapasky-antivirus.firewall-gateway.net:2054
kapasky-antivirus.firewall-gateway.net:4000
U4G3L113-M7Y0-X0M5-M3D5-U8C7U551Q8Q7
Targets
-
-
Target
40e678e7d38a1541c06d16895d75f856.exe
-
Size
774KB
-
MD5
40e678e7d38a1541c06d16895d75f856
-
SHA1
5faee553c8dc1cc0492d7b8b78329ac56100c040
-
SHA256
7aa6ba1ed3e72514eac19d8b9ee4f95a17e33b63159bc75bd57ad8b38ce6361e
-
SHA512
4abce8638860dc80ec23516aba60cd1c87a66c8a98fb62730e042a8f78841afe45fd2c021f15395a06eb0b4b4e6a95809ce0d8d6806f95c2cc516caa7362be22
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-