General
-
Target
63a7dd2640491df5075a08bf335545a6.exe
-
Size
1.9MB
-
Sample
210424-s7r34jmvln
-
MD5
63a7dd2640491df5075a08bf335545a6
-
SHA1
6bcdaa6627936d1c438d47016ad12ff018895fa6
-
SHA256
5c32fd3de4bce60a2529cebc5f47b8a1562ea9bd22549f829b22b0533b32f79b
-
SHA512
4e728c1d4d39efddc736c309fd5654cae0106ccaed8d40b9fc395a40576526e8e67afb6f974944c30ecf96476fe233aeeae56581d0647cb7d162ffbfeae0d756
Malware Config
Extracted
xpertrat
3.0.10
special X
ghytrty.duckdns.org:4145
spapertyy.duckdns.org:4145
L3Q7I4T2-J8A6-K6O4-W4G3-T5J7D0W2V5E0
Targets
-
-
Target
63a7dd2640491df5075a08bf335545a6.exe
-
Size
1.9MB
-
MD5
63a7dd2640491df5075a08bf335545a6
-
SHA1
6bcdaa6627936d1c438d47016ad12ff018895fa6
-
SHA256
5c32fd3de4bce60a2529cebc5f47b8a1562ea9bd22549f829b22b0533b32f79b
-
SHA512
4e728c1d4d39efddc736c309fd5654cae0106ccaed8d40b9fc395a40576526e8e67afb6f974944c30ecf96476fe233aeeae56581d0647cb7d162ffbfeae0d756
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-