General
-
Target
CPINV_DEC_02_0200202177199554_PY_2009545682211268563_Pdf.exe
-
Size
3.0MB
-
Sample
211203-hs8jssach6
-
MD5
22ad4f47ce82a255765f2e96b61d78c8
-
SHA1
c260d25d8e49d342d86a3231ff112b9707dc8d8a
-
SHA256
cec4e2234a72035a6c3f4144cccf9ec49f34f56a2a212981606f979be1b85adf
-
SHA512
6eca6d26d8809415c410ca2343adc221dca9c996de4f81fd3765dc53605eb4793b0c655deed31b011382352a7b69370df4eeb239fbcdc474e1d4c876db1328a3
Malware Config
Targets
-
-
Target
CPINV_DEC_02_0200202177199554_PY_2009545682211268563_Pdf.exe
-
Size
3.0MB
-
MD5
22ad4f47ce82a255765f2e96b61d78c8
-
SHA1
c260d25d8e49d342d86a3231ff112b9707dc8d8a
-
SHA256
cec4e2234a72035a6c3f4144cccf9ec49f34f56a2a212981606f979be1b85adf
-
SHA512
6eca6d26d8809415c410ca2343adc221dca9c996de4f81fd3765dc53605eb4793b0c655deed31b011382352a7b69370df4eeb239fbcdc474e1d4c876db1328a3
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Downloads MZ/PE file
-
Windows security modification
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-