General
-
Target
704ce624d4906a3cf343562b90249b58.exe
-
Size
759KB
-
Sample
210713-rqxjfxcezj
-
MD5
704ce624d4906a3cf343562b90249b58
-
SHA1
c007c6fb7c85795c2cdf5b2171392dedf72a5c9e
-
SHA256
59d18f1afca7fa22d68455d412c29949993c21edfb3658091bdad62093e0f818
-
SHA512
d3c285ce095cb72dc4fb7de298bc59235ed727bb99fbe0c0eea7f4aea53b4270d707ae164866dc18eef268375b3f683e7506f3582210b59d0e1fdf6aac8e1f08
Malware Config
Extracted
xpertrat
3.1.9
BXK
ioxg.ix.tc:4000
R4W8O5A3-P0G7-Q7U5-H114-L7S6L4U0I6I6
Targets
-
-
Target
704ce624d4906a3cf343562b90249b58.exe
-
Size
759KB
-
MD5
704ce624d4906a3cf343562b90249b58
-
SHA1
c007c6fb7c85795c2cdf5b2171392dedf72a5c9e
-
SHA256
59d18f1afca7fa22d68455d412c29949993c21edfb3658091bdad62093e0f818
-
SHA512
d3c285ce095cb72dc4fb7de298bc59235ed727bb99fbe0c0eea7f4aea53b4270d707ae164866dc18eef268375b3f683e7506f3582210b59d0e1fdf6aac8e1f08
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Adds policy Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-