Extracted

• • Target

    939a42faab70585cf4aed59c73425492.exe

  • Size

    472KB

  • MD5

    939a42faab70585cf4aed59c73425492

  • SHA1

    ccc57ed7de341f637e1ba6e671105ec304bd2c4b

  • SHA256

    06febadb1cc71ef3987c339b7c862ea4cd32656c372c4f266cd1af68c355a0c0

  • SHA512

    04a845f4b4db9f8fb923a10db65a1cac6cce46f52aa46eaa124b7aa710e7d063555e93f93e26dfb9fa3c28425297d080f69025fcbc73801825154cbf659abe00

  Score

  10^/10

  xpertratspecial xevasionpersistencerattrojanupx

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • XpertRAT

    XpertRAT is a remote access trojan with various capabilities.

    ratxpertrat

  • XpertRAT Core Payload

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Adds policy Run key to start application

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Program crash

  • Suspicious use of SetThreadContext

  behavioral1behavioral2