Extracted

• • Target

    ca4c550b74e692f05bac96985ef41a10a13e4cb05977e58bd598480c5b0e2553

  • Size

    982KB

  • MD5

    bc04f5148c8c07d10c8399f8730ead3b

  • SHA1

    687400f2367176721b75a42805177120930d93dd

  • SHA256

    ca4c550b74e692f05bac96985ef41a10a13e4cb05977e58bd598480c5b0e2553

  • SHA512

    aad905a571c20eb29de4606c0e0e2ddc763d43c97fb706e84292effbdf2045f4f575813df0f5dad7071251973719b3baa8a82684044b24b9d1881f60834c69c1

  Score

  10^/10

  xpertratbadevasionpersistencerattrojan

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • XpertRAT

    XpertRAT is a remote access trojan with various capabilities.

    ratxpertrat

  • XpertRAT Core Payload

  • Adds policy Run key to start application

    persistence

  • Drops startup file

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2