General
-
Target
173e540463300babea87380df68d79c2.exe
-
Size
888KB
-
Sample
210701-c6lyh6xdfn
-
MD5
173e540463300babea87380df68d79c2
-
SHA1
2743c5503618c05afa9cea47b04d4965c1539d9a
-
SHA256
51297f05449c2fe207a4635e0d1123c137bfdfd97157e09b00af119733952197
-
SHA512
f2e3f94c0c8a32ef545f11da9ff6924f8d906b6099ce0239b7308dc8216b4b7055e642c1aea212e9147911bc275a455e51f0f6fb67ba24264a6728823c8c53fa
Malware Config
Extracted
xpertrat
3.0.10
special X
mertrerfeyy.duckdns.org:8494
gwtruwhgw.duckdns.org:8494
dfgrttuutii.duckdns.org:8494
M2P7W1K1-J110-W5Y5-F7Y0-B2B7A0M6B1K7
Targets
-
-
Target
173e540463300babea87380df68d79c2.exe
-
Size
888KB
-
MD5
173e540463300babea87380df68d79c2
-
SHA1
2743c5503618c05afa9cea47b04d4965c1539d9a
-
SHA256
51297f05449c2fe207a4635e0d1123c137bfdfd97157e09b00af119733952197
-
SHA512
f2e3f94c0c8a32ef545f11da9ff6924f8d906b6099ce0239b7308dc8216b4b7055e642c1aea212e9147911bc275a455e51f0f6fb67ba24264a6728823c8c53fa
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-