General
-
Target
66587368e39228edf1f6034794f17579.exe
-
Size
419KB
-
Sample
210625-pk4d2fbkzj
-
MD5
66587368e39228edf1f6034794f17579
-
SHA1
31268b1ac9bb83c698eadf5e74f65d58b12d2a50
-
SHA256
b6b8326fd527390a435242178b6a45a973c4516d831669ce7527c5d97e90ab10
-
SHA512
fdf02be618eb51fbdafa952b2eb60801d8448f0078c2127024ae2eb4d2542fdabad14bf0e5b127bea5c891a1986ed857032d1a519f3fc537e8296b7bb6a2d9f6
Malware Config
Extracted
xpertrat
3.0.10
special X
mertrerfeyy.duckdns.org:8494
gwtruwhgw.duckdns.org:8494
dfgrttuutii.duckdns.org:8494
J0B4S3L1-T6W3-H2L6-N2T2-W4T8H1F1E6U4
Targets
-
-
Target
66587368e39228edf1f6034794f17579.exe
-
Size
419KB
-
MD5
66587368e39228edf1f6034794f17579
-
SHA1
31268b1ac9bb83c698eadf5e74f65d58b12d2a50
-
SHA256
b6b8326fd527390a435242178b6a45a973c4516d831669ce7527c5d97e90ab10
-
SHA512
fdf02be618eb51fbdafa952b2eb60801d8448f0078c2127024ae2eb4d2542fdabad14bf0e5b127bea5c891a1986ed857032d1a519f3fc537e8296b7bb6a2d9f6
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-