General
-
Target
85f0af15d708b6a2ea67a30f2a858efc9f32af678a5633289c297f588443cd7a
-
Size
292KB
-
Sample
210920-s87bsahben
-
MD5
f6200b9b9789794de4a8d78f4ae96d22
-
SHA1
1d18c71e7e4de5c6216653db5effba586345597c
-
SHA256
85f0af15d708b6a2ea67a30f2a858efc9f32af678a5633289c297f588443cd7a
-
SHA512
5fd2e93293bf2ebe5b68e747dbed842c2f4fcd74dce883ffa7daa6daf647e41f4b1926fdf2f05048b3024609ef6805fb2a6b501c92335ab37098dfb6d4defa72
Malware Config
Extracted
xpertrat
3.0.10
Test
kapasky-antivirus.firewall-gateway.net:4000
L3Q7J4T2-J8A6-L6O4-W4G3-U5J7D0W2W5F0
Targets
-
-
Target
85f0af15d708b6a2ea67a30f2a858efc9f32af678a5633289c297f588443cd7a
-
Size
292KB
-
MD5
f6200b9b9789794de4a8d78f4ae96d22
-
SHA1
1d18c71e7e4de5c6216653db5effba586345597c
-
SHA256
85f0af15d708b6a2ea67a30f2a858efc9f32af678a5633289c297f588443cd7a
-
SHA512
5fd2e93293bf2ebe5b68e747dbed842c2f4fcd74dce883ffa7daa6daf647e41f4b1926fdf2f05048b3024609ef6805fb2a6b501c92335ab37098dfb6d4defa72
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-