General
-
Target
PO#6018634905997.exe
-
Size
752KB
-
Sample
211117-r5amzahhhp
-
MD5
2baa57736614617e99b07fd3423fde0f
-
SHA1
2269a37e82a8fc09e68687eeb7214b7255726875
-
SHA256
8ffc84f1b1316cbcf2e68048631900210632b86e14307c3835ad7a4286bf18d5
-
SHA512
b4cbdedadece43b66a0b20cb88d924c2a4345f401c8a217a318ec7a9ebb679210ed4b98cc2ac3d3325eca384612751c962043bca2a7bdb533845d2aad9ca1e43
Malware Config
Targets
-
-
Target
PO#6018634905997.exe
-
Size
752KB
-
MD5
2baa57736614617e99b07fd3423fde0f
-
SHA1
2269a37e82a8fc09e68687eeb7214b7255726875
-
SHA256
8ffc84f1b1316cbcf2e68048631900210632b86e14307c3835ad7a4286bf18d5
-
SHA512
b4cbdedadece43b66a0b20cb88d924c2a4345f401c8a217a318ec7a9ebb679210ed4b98cc2ac3d3325eca384612751c962043bca2a7bdb533845d2aad9ca1e43
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Looks for VirtualBox Guest Additions in registry
-
Adds policy Run key to start application
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Windows security modification
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Program crash
-
Suspicious use of SetThreadContext
-