xpertrat | 3d7e2744ac50ae3ff7fcdbf97b4f70af8236ade6c3d2e82004f0641be304f83b | Triage

Sharing

General

Target

tmp/2587ea00-8b51-4ab2-82a4-1f5bda74ea65_Ego2.exe
Size

172KB
Sample

211227-fm17esagdj
MD5

d5438415ed71322922b70ac85ad02f64
SHA1

832cfa96f5ff034db65707f6781752441beaf0aa
SHA256

3d7e2744ac50ae3ff7fcdbf97b4f70af8236ade6c3d2e82004f0641be304f83b
SHA512

7f12be61ddb39cd357f817cf1c47110128ae2d962e9c1fcb947f8f7ed6084db5a3607f3edda06680e3d078c50a754859511cb69c0adac01360b51cee54925b6c

Score

10^/10

xpertrat collection evasion persistence rat trojan

Malware Config

Targets

- Target
  
  tmp/2587ea00-8b51-4ab2-82a4-1f5bda74ea65_Ego2.exe
- Size
  
  172KB
- MD5
  
  d5438415ed71322922b70ac85ad02f64
- SHA1
  
  832cfa96f5ff034db65707f6781752441beaf0aa
- SHA256
  
  3d7e2744ac50ae3ff7fcdbf97b4f70af8236ade6c3d2e82004f0641be304f83b
- SHA512
  
  7f12be61ddb39cd357f817cf1c47110128ae2d962e9c1fcb947f8f7ed6084db5a3607f3edda06680e3d078c50a754859511cb69c0adac01360b51cee54925b6c
Score

10^/10

xpertrat collection evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- Adds policy Run key to start application
  persistence
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Program crash
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratcollectionevasionpersistencerattrojan

behavioral2

xpertratevasionpersistencerattrojan