xpertrat | ac0f87add6a605e555dc559282160c2ef708ca2fecc0799442c361c2f37f6828 | Triage

Submit
Reports

Overview

overview

Static

static

INVNOVPAY3...00.exe

windows7_x64

INVNOVPAY3...00.exe

windows10_x64

Sharing

General

Target

INVNOVPAY30002021001199554Pay5443545632211000.exe
Size

1.7MB
Sample

211201-jxrbraaggn
MD5

b139dd38b0aaa785c555310ac2b1c3fd
SHA1

5873995badb3843e97bf6cfe87bcd283c30fb393
SHA256

ac0f87add6a605e555dc559282160c2ef708ca2fecc0799442c361c2f37f6828
SHA512

ea5d759be0547822763607133d3c43ae44fa9f5a5b55ea3ff4456b37152a5243e9911162debb6422473ef0e81c4d33bb0ca7d4c4a978d600beccfa7850c23ecf

Score

10^/10

xpertrat collection evasion persistence rat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

INVNOVPAY30002021001199554Pay5443545632211000.exe

Resource

win7-en-20211014

xpertrat collection evasion persistence rat suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

INVNOVPAY30002021001199554Pay5443545632211000.exe

Resource

win10-en-20211104

xpertrat collection evasion persistence rat suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  INVNOVPAY30002021001199554Pay5443545632211000.exe
- Size
  
  1.7MB
- MD5
  
  b139dd38b0aaa785c555310ac2b1c3fd
- SHA1
  
  5873995badb3843e97bf6cfe87bcd283c30fb393
- SHA256
  
  ac0f87add6a605e555dc559282160c2ef708ca2fecc0799442c361c2f37f6828
- SHA512
  
  ea5d759be0547822763607133d3c43ae44fa9f5a5b55ea3ff4456b37152a5243e9911162debb6422473ef0e81c4d33bb0ca7d4c4a978d600beccfa7850c23ecf
Score

10^/10

xpertrat collection evasion persistence rat suricata trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Adds policy Run key to start application
  persistence
- Downloads MZ/PE file
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Program crash
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratcollectionevasionpersistenceratsuricatatrojan

behavioral2

xpertratcollectionevasionpersistenceratsuricatatrojan

© 2018-2024

Terms | Privacy