xpertrat | 36e7deadeeb8b242b2cdbf3b561899ed1ac51bbdbc194ab046ae961c76e0086a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

36e7deadeeb8b242b2cdbf3b561899ed1ac51bbdbc194ab046ae961c76e0086a
Size

69KB
Sample

211024-3m5aeafdc7
MD5

2cd4afe2b620eb73e0adc46cf8ce8da4
SHA1

e1cb6f41e2eeaae01cc895ea5f7427b70cdf572a
SHA256

36e7deadeeb8b242b2cdbf3b561899ed1ac51bbdbc194ab046ae961c76e0086a
SHA512

f17c7aaa8becb1f783349bf1e042b1c8faa32ed8b6fe4f1576f331b2ab4670792939f6f88f4b5efd735e56a703c00079b7065ac621e647a4d07fa2eea15b4ba8

Score

10^/10

xpertrat collection evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

36e7deadeeb8b242b2cdbf3b561899ed1ac51bbdbc194ab046ae961c76e0086a.exe

Resource

win10-en-20210920

xpertrat collection evasion persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  36e7deadeeb8b242b2cdbf3b561899ed1ac51bbdbc194ab046ae961c76e0086a
- Size
  
  69KB
- MD5
  
  2cd4afe2b620eb73e0adc46cf8ce8da4
- SHA1
  
  e1cb6f41e2eeaae01cc895ea5f7427b70cdf572a
- SHA256
  
  36e7deadeeb8b242b2cdbf3b561899ed1ac51bbdbc194ab046ae961c76e0086a
- SHA512
  
  f17c7aaa8becb1f783349bf1e042b1c8faa32ed8b6fe4f1576f331b2ab4670792939f6f88f4b5efd735e56a703c00079b7065ac621e647a4d07fa2eea15b4ba8
Score

10^/10

xpertrat collection evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- Adds policy Run key to start application
  persistence
- Deletes itself
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Program crash
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratcollectionevasionpersistencerattrojan

© 2018-2024

Terms | Privacy