Extracted

• • Target

    d97e3dcbb6d173e9f0d3b76fbecdad0d.exe

  • Size

    799KB

  • MD5

    d97e3dcbb6d173e9f0d3b76fbecdad0d

  • SHA1

    e4a169cece454e23c0de2aa3bec30a08d1422e25

  • SHA256

    ad7352ddb27f165faa309916430d17aead69a6359f74d163c0c488bb551b3fb0

  • SHA512

    4a928ef2927822b7919b017f2c1b073a9c88c1adbd572fbf2ec66bb4933ea8642075678c0a32817b4ca529f9730fd0c3f4f43daa34dfa09a66faf1d86220ef3c

  Score

  10^/10

  xpertratspecial xevasionpersistencerattrojanupx

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • XpertRAT

    XpertRAT is a remote access trojan with various capabilities.

    ratxpertrat

  • XpertRAT Core Payload

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Adds policy Run key to start application

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Program crash

  • Suspicious use of SetThreadContext

  behavioral1behavioral2