General
-
Target
ca4c550b74e692f05bac96985ef41a10a13e4cb05977e58bd598480c5b0e2553
-
Size
982KB
-
Sample
210513-4c2b1artsx
-
MD5
bc04f5148c8c07d10c8399f8730ead3b
-
SHA1
687400f2367176721b75a42805177120930d93dd
-
SHA256
ca4c550b74e692f05bac96985ef41a10a13e4cb05977e58bd598480c5b0e2553
-
SHA512
aad905a571c20eb29de4606c0e0e2ddc763d43c97fb706e84292effbdf2045f4f575813df0f5dad7071251973719b3baa8a82684044b24b9d1881f60834c69c1
Malware Config
Extracted
xpertrat
3.0.10
bad
joeing.dnsfor.me:2011
K8P3H007-I4G2-R2U0-V0F8-T1P2J5V771K5
Targets
-
-
Target
ca4c550b74e692f05bac96985ef41a10a13e4cb05977e58bd598480c5b0e2553
-
Size
982KB
-
MD5
bc04f5148c8c07d10c8399f8730ead3b
-
SHA1
687400f2367176721b75a42805177120930d93dd
-
SHA256
ca4c550b74e692f05bac96985ef41a10a13e4cb05977e58bd598480c5b0e2553
-
SHA512
aad905a571c20eb29de4606c0e0e2ddc763d43c97fb706e84292effbdf2045f4f575813df0f5dad7071251973719b3baa8a82684044b24b9d1881f60834c69c1
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Drops startup file
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-