xpertrat | 5c1fec4300276bd8bd042cf24f256de87350ad32a456578da4eb364de9f3fbfc | Triage

Submit
Reports

Overview

overview

Static

static

ee759b97c8...94.exe

windows7_x64

ee759b97c8...94.exe

windows10_x64

Sharing

General

Target

ee759b97c88356e23b04afa427c6cb94
Size

172KB
Sample

210713-ncsjxmbnrj
MD5

ee759b97c88356e23b04afa427c6cb94
SHA1

439eba6c162e5512533ada4576de9f0e32def9d7
SHA256

5c1fec4300276bd8bd042cf24f256de87350ad32a456578da4eb364de9f3fbfc
SHA512

0447961f3ecfdfb5369cdd6f7bbc8d3455dcc8eaece606c85b9774f9c7981f26fea32133ea1c5214bbf73caea8c936257a1b349d2e7cee171f508ad1d4f050a0

Score

10^/10

xpertrat bxk evasion persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ee759b97c88356e23b04afa427c6cb94.exe

Resource

win7v20210410

xpertrat bxk evasion persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ee759b97c88356e23b04afa427c6cb94.exe

Resource

win10v20210408

xpertrat bxk evasion persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

xpertrat

Version

3.1.9

Botnet

BXK

C2

ioxg.ix.tc:4000

Mutex

R4W8O5A3-P0G7-Q7U5-H114-L7S6L4U0I6I6

Targets

- Target
  
  ee759b97c88356e23b04afa427c6cb94
- Size
  
  172KB
- MD5
  
  ee759b97c88356e23b04afa427c6cb94
- SHA1
  
  439eba6c162e5512533ada4576de9f0e32def9d7
- SHA256
  
  5c1fec4300276bd8bd042cf24f256de87350ad32a456578da4eb364de9f3fbfc
- SHA512
  
  0447961f3ecfdfb5369cdd6f7bbc8d3455dcc8eaece606c85b9774f9c7981f26fea32133ea1c5214bbf73caea8c936257a1b349d2e7cee171f508ad1d4f050a0
Score

10^/10

xpertrat bxk evasion persistence rat trojan upx
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- XpertRAT Core Payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Adds policy Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Program crash
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratbxkevasionpersistencerattrojanupx

behavioral2

xpertratbxkevasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy