General
-
Target
CS-SUPPLIER QUOTATION SPECIFICATION 2022-0120 45PCS.PDF(97KB).exe
-
Size
380KB
-
Sample
220120-jbv3taggd4
-
MD5
1402bc75caa465e3c69c302a7390a8e7
-
SHA1
df94f132f82c48cdda43a1121266320a1520ffdc
-
SHA256
25a80f4addf74c82d8ae815164c44dcd530fd59fc278f306552d35d5140b880b
-
SHA512
5fc4fe7216c19ae454bf681a53bf0a573a4aed13ca2d596c2c361b4390cffe4b232887e32c1bbf75b6d770100e4878a88b7fea564c7efee211bf80c763f0bcc2
Malware Config
Targets
-
-
Target
CS-SUPPLIER QUOTATION SPECIFICATION 2022-0120 45PCS.PDF(97KB).exe
-
Size
380KB
-
MD5
1402bc75caa465e3c69c302a7390a8e7
-
SHA1
df94f132f82c48cdda43a1121266320a1520ffdc
-
SHA256
25a80f4addf74c82d8ae815164c44dcd530fd59fc278f306552d35d5140b880b
-
SHA512
5fc4fe7216c19ae454bf681a53bf0a573a4aed13ca2d596c2c361b4390cffe4b232887e32c1bbf75b6d770100e4878a88b7fea564c7efee211bf80c763f0bcc2
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Sets service image path in registry
-
Windows security modification
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-