xpertrat | bd5c24761ed0f7e6b1741abc9812e18794dd98524a7f4d3a8998d9a71af071ad | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

bd5c24761ed0f7e6b1741abc9812e18794dd98524a7f4d3a8998d9a71af071ad
Size

13KB
Sample

211011-agla5agbe7
MD5

307b16c4e0037078f39c029ad69c1ae7
SHA1

465ff7790e3cffd577e6439ffc15d693baeecffd
SHA256

bd5c24761ed0f7e6b1741abc9812e18794dd98524a7f4d3a8998d9a71af071ad
SHA512

dd1279e86dbd74cff90381afb64f7a37e25add72dc6c059df11fb63cba104124c1c2397778f6d240a8973cac4da24be9e930e978af6939fb8ef8c365d8e464dc

Score

10^/10

xpertrat collection evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

bd5c24761ed0f7e6b1741abc9812e18794dd98524a7f4d3a8998d9a71af071ad.exe

Resource

win10-en-20210920

xpertrat collection evasion persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bd5c24761ed0f7e6b1741abc9812e18794dd98524a7f4d3a8998d9a71af071ad
- Size
  
  13KB
- MD5
  
  307b16c4e0037078f39c029ad69c1ae7
- SHA1
  
  465ff7790e3cffd577e6439ffc15d693baeecffd
- SHA256
  
  bd5c24761ed0f7e6b1741abc9812e18794dd98524a7f4d3a8998d9a71af071ad
- SHA512
  
  dd1279e86dbd74cff90381afb64f7a37e25add72dc6c059df11fb63cba104124c1c2397778f6d240a8973cac4da24be9e930e978af6939fb8ef8c365d8e464dc
Score

10^/10

xpertrat collection evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- Adds policy Run key to start application
  persistence
- Deletes itself
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Program crash
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratcollectionevasionpersistencerattrojan

© 2018-2024

Terms | Privacy