General
-
Target
SPELIST0120Dec-130073_164300887Spec_Pdf.exe
-
Size
1.3MB
-
Sample
211221-n6weaadch2
-
MD5
38f21e75ff73996220385c651b977d13
-
SHA1
c46c478a05c788c60abccf265d58de93115da221
-
SHA256
0580f2e1a63c8db40f25570a673b1620d753d28f55101dd5f9d8270755d69261
-
SHA512
28cbaa62ddc069ec325a61bdb585be6ef76265f9ee1fb75560e19ed99fa429387b488217942fc1e7c1393cefc7546d82abbe63f02ad321d90b31a5682ba1a069
Malware Config
Targets
-
-
Target
SPELIST0120Dec-130073_164300887Spec_Pdf.exe
-
Size
1.3MB
-
MD5
38f21e75ff73996220385c651b977d13
-
SHA1
c46c478a05c788c60abccf265d58de93115da221
-
SHA256
0580f2e1a63c8db40f25570a673b1620d753d28f55101dd5f9d8270755d69261
-
SHA512
28cbaa62ddc069ec325a61bdb585be6ef76265f9ee1fb75560e19ed99fa429387b488217942fc1e7c1393cefc7546d82abbe63f02ad321d90b31a5682ba1a069
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Windows security modification
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-