General
-
Target
66adac15ffbd3e032f0587c33008376c.exe
-
Size
63KB
-
Sample
211019-rsf9zsghcp
-
MD5
66adac15ffbd3e032f0587c33008376c
-
SHA1
ccdfc0b45ff4c9ccdcbbdf5a9e67420e1c75c215
-
SHA256
9eea9caa338a673c1d88240839b08fe021ff9264620e7935ba5cb5bd3d00ebf6
-
SHA512
5f8ec34caa6f7deb99e666bfc505faeb56fd79d202526f3b08e427d08aee046bb82ac9eb3f02368567007dbbe15c8d08d332ab8b9b2c8c22d824ff0e72038502
Malware Config
Targets
-
-
Target
66adac15ffbd3e032f0587c33008376c.exe
-
Size
63KB
-
MD5
66adac15ffbd3e032f0587c33008376c
-
SHA1
ccdfc0b45ff4c9ccdcbbdf5a9e67420e1c75c215
-
SHA256
9eea9caa338a673c1d88240839b08fe021ff9264620e7935ba5cb5bd3d00ebf6
-
SHA512
5f8ec34caa6f7deb99e666bfc505faeb56fd79d202526f3b08e427d08aee046bb82ac9eb3f02368567007dbbe15c8d08d332ab8b9b2c8c22d824ff0e72038502
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Deletes itself
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-