General
-
Target
2cb032be3ffbf1a86e75669f6ff3e088.exe
-
Size
12KB
-
Sample
211004-mdny3agbc3
-
MD5
2cb032be3ffbf1a86e75669f6ff3e088
-
SHA1
bd801dff881983fad20212b5ee5cb7cc65845bf5
-
SHA256
5bdc764598795f4afcb70f6ff95f29114f61ea24a1d836838125c08268e13de9
-
SHA512
1d0cae94138772ffb87823012e88631ae531720aa0225e30cf298ed0b2326c17c41c64edd9002026eef552a91664edcfcce69b0d3480e44e21b95e7fc7158726
Malware Config
Extracted
xpertrat
3.0.10
Test
kapasky-antivirus.firewall-gateway.net:4000
L3Q7J4T2-J8A6-L6O4-W4G3-U5J7D0W2W5F0
Targets
-
-
Target
2cb032be3ffbf1a86e75669f6ff3e088.exe
-
Size
12KB
-
MD5
2cb032be3ffbf1a86e75669f6ff3e088
-
SHA1
bd801dff881983fad20212b5ee5cb7cc65845bf5
-
SHA256
5bdc764598795f4afcb70f6ff95f29114f61ea24a1d836838125c08268e13de9
-
SHA512
1d0cae94138772ffb87823012e88631ae531720aa0225e30cf298ed0b2326c17c41c64edd9002026eef552a91664edcfcce69b0d3480e44e21b95e7fc7158726
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Deletes itself
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-