xpertrat | 36e7deadeeb8b242b2cdbf3b561899ed1ac51bbdbc194ab046ae961c76e0086a | Triage

Sharing

General

Target

2cd4afe2b620eb73e0adc46cf8ce8da4.exe
Size

69KB
Sample

211025-jftesafge6
MD5

2cd4afe2b620eb73e0adc46cf8ce8da4
SHA1

e1cb6f41e2eeaae01cc895ea5f7427b70cdf572a
SHA256

36e7deadeeb8b242b2cdbf3b561899ed1ac51bbdbc194ab046ae961c76e0086a
SHA512

f17c7aaa8becb1f783349bf1e042b1c8faa32ed8b6fe4f1576f331b2ab4670792939f6f88f4b5efd735e56a703c00079b7065ac621e647a4d07fa2eea15b4ba8

Score

10^/10

xpertrat evasion persistence rat trojan

Malware Config

Targets

- Target
  
  2cd4afe2b620eb73e0adc46cf8ce8da4.exe
- Size
  
  69KB
- MD5
  
  2cd4afe2b620eb73e0adc46cf8ce8da4
- SHA1
  
  e1cb6f41e2eeaae01cc895ea5f7427b70cdf572a
- SHA256
  
  36e7deadeeb8b242b2cdbf3b561899ed1ac51bbdbc194ab046ae961c76e0086a
- SHA512
  
  f17c7aaa8becb1f783349bf1e042b1c8faa32ed8b6fe4f1576f331b2ab4670792939f6f88f4b5efd735e56a703c00079b7065ac621e647a4d07fa2eea15b4ba8
Score

10^/10

xpertrat evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- Adds policy Run key to start application
  persistence
- Deletes itself
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xpertratevasionpersistencerattrojan