xpertrat | f8e52fa75724eb08c0ec68db6799740ad36c7178b8f0dd7c8b0ee755ff60c653 | Triage

Submit
Reports

Overview

overview

Static

static

95a3b26416...64.exe

windows7_x64

95a3b26416...64.exe

windows10_x64

Sharing

General

Target

95a3b26416f41375ef06106fb58a3764.exe
Size

807KB
Sample

210426-kchlc7f78s
MD5

95a3b26416f41375ef06106fb58a3764
SHA1

952f57980d5105d94bc2e0ae389f0cc7e44ae27d
SHA256

f8e52fa75724eb08c0ec68db6799740ad36c7178b8f0dd7c8b0ee755ff60c653
SHA512

160e9dd666333b81c9685a21fd7620b499e9973743b637d4f52a30567c1a81fcc9cba4a984e9c1715dd9d36993034ec0697c36327803754ef725eb6d86e991b8

Score

10^/10

xpertrat xxx evasion persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

95a3b26416f41375ef06106fb58a3764.exe

Resource

win7v20210408

xpertrat xxx evasion persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

95a3b26416f41375ef06106fb58a3764.exe

Resource

win10v20210408

xpertrat xxx evasion persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xpertrat

Version

3.0.10

Botnet

XXX

C2

kapasky-antivirus.firewall-gateway.net:2054

kapasky-antivirus.firewall-gateway.net:4000

Mutex

U4G3L113-M7Y0-X0M5-M3D5-U8C7U551Q8Q7

Targets

- Target
  
  95a3b26416f41375ef06106fb58a3764.exe
- Size
  
  807KB
- MD5
  
  95a3b26416f41375ef06106fb58a3764
- SHA1
  
  952f57980d5105d94bc2e0ae389f0cc7e44ae27d
- SHA256
  
  f8e52fa75724eb08c0ec68db6799740ad36c7178b8f0dd7c8b0ee755ff60c653
- SHA512
  
  160e9dd666333b81c9685a21fd7620b499e9973743b637d4f52a30567c1a81fcc9cba4a984e9c1715dd9d36993034ec0697c36327803754ef725eb6d86e991b8
Score

10^/10

xpertrat xxx evasion persistence rat trojan upx
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- XpertRAT Core Payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Adds policy Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Program crash
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xpertratxxxevasionpersistencerattrojanupx

behavioral2

xpertratxxxevasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy