Overview

overview

10

Static

static

EXCEL.exe

windows7_x64

10

EXCEL.exe

windows10_x64

10

Resubmissions

30-09-2021 08:52

210930-ks4xqahbdl 10

30-09-2021 08:44

210930-km65wshac3 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EXCEL.exe

  • Size

    503KB

  • Sample

    210930-km65wshac3

  • MD5

    cb12b24b0f69225693168e9c35761a1b

  • SHA1

    0f68f676d76e3546d7d625cdb14f0947c59beff5

  • SHA256

    c830683f700f311fe3d533d849cf045b1cbed5ff76debaa6c3dd8f71c0daa535

  • SHA512

    9d53b958b83d8599d0eb1ee4766f03a735cd557290921ded296513e34fd2886ff78382e9a1616613c566d0be9cd5c381fa4de6b86a921d0a33aac1c499d00c65

Score
10/10
xpertrattestevasionpersistencerattrojan

Malware Config

Extracted

Family

xpertrat

Version

3.0.10

Botnet

Test

C2

kapasky-antivirus.firewall-gateway.net:4000

Mutex

L3Q7J4T2-J8A6-L6O4-W4G3-U5J7D0W2W5F0

Targets

    • Target

      EXCEL.exe

    • Size

      503KB

    • MD5

      cb12b24b0f69225693168e9c35761a1b

    • SHA1

      0f68f676d76e3546d7d625cdb14f0947c59beff5

    • SHA256

      c830683f700f311fe3d533d849cf045b1cbed5ff76debaa6c3dd8f71c0daa535

    • SHA512

      9d53b958b83d8599d0eb1ee4766f03a735cd557290921ded296513e34fd2886ff78382e9a1616613c566d0be9cd5c381fa4de6b86a921d0a33aac1c499d00c65

    Score
    10/10
    xpertrattestevasionpersistencerattrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

3
T1089

Modify Registry

6
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks