General
-
Target
fed0dec9c86e3f1057e7cf1c7eb22c8d528da1f6a966de89587b41f7b78e2f98.bin
-
Size
358KB
-
Sample
210924-cb8kksfebp
-
MD5
d952cb0acf14545d0e6da5509db9088d
-
SHA1
9e4c5b31c821cc46f8eba61d65442f0bdbe67b98
-
SHA256
fed0dec9c86e3f1057e7cf1c7eb22c8d528da1f6a966de89587b41f7b78e2f98
-
SHA512
e66869cc859af82d4ad9db0c877d949905e3f28876e1022f434083e6f26492e3edac72624ce3143ca85446f4bce7ed208e41f846c5bcb13af7343047c7df8ebc
Malware Config
Extracted
xpertrat
3.0.10
Test
kapasky-antivirus.firewall-gateway.net:4000
L3Q7J4T2-J8A6-L6O4-W4G3-U5J7D0W2W5F0
Targets
-
-
Target
fed0dec9c86e3f1057e7cf1c7eb22c8d528da1f6a966de89587b41f7b78e2f98.bin
-
Size
358KB
-
MD5
d952cb0acf14545d0e6da5509db9088d
-
SHA1
9e4c5b31c821cc46f8eba61d65442f0bdbe67b98
-
SHA256
fed0dec9c86e3f1057e7cf1c7eb22c8d528da1f6a966de89587b41f7b78e2f98
-
SHA512
e66869cc859af82d4ad9db0c877d949905e3f28876e1022f434083e6f26492e3edac72624ce3143ca85446f4bce7ed208e41f846c5bcb13af7343047c7df8ebc
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-