General
-
Target
gunzipped.exe
-
Size
424KB
-
Sample
211222-l58l4sgafm
-
MD5
4f5e20c314951e30f5ca01a71559a62c
-
SHA1
8910f34119c522fed7dee3f545ed7aa67396baec
-
SHA256
467693bbef8580dd6eab668a628d44e94548710be1cc60799f8e17df8c63f88a
-
SHA512
e39657f0dbab0cf9056e41d753e8c26e83b4d2b23cafedbb3652e588bf248f538c1fa1ed6017c4cee5bfde8304cb6d1b521bc12191547321195f0578e160f012
Malware Config
Extracted
xpertrat
3.0.10
Test
127.0.0.1:666
23.105.131.209:5643
J3S7K4V2-L8C6-M6Q5-Y5I3-V6L7F1Y2X5G0
Targets
-
-
Target
gunzipped.exe
-
Size
424KB
-
MD5
4f5e20c314951e30f5ca01a71559a62c
-
SHA1
8910f34119c522fed7dee3f545ed7aa67396baec
-
SHA256
467693bbef8580dd6eab668a628d44e94548710be1cc60799f8e17df8c63f88a
-
SHA512
e39657f0dbab0cf9056e41d753e8c26e83b4d2b23cafedbb3652e588bf248f538c1fa1ed6017c4cee5bfde8304cb6d1b521bc12191547321195f0578e160f012
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Adds policy Run key to start application
-
Windows security modification
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-