xpertrat | 519fc2007f744abcb7a7b2d6b255670ca232662182897d2312fcf1480879e7c5 | Triage

Sharing

General

Target

519fc2007f744abcb7a7b2d6b255670ca232662182897d2312fcf1480879e7c5
Size

349KB
Sample

220226-kmg6rsabb5
MD5

cfc7eec10a72d743ba86e1f9f661629e
SHA1

719d433f928ccfa0b5c554587fd17e1a70485fd4
SHA256

519fc2007f744abcb7a7b2d6b255670ca232662182897d2312fcf1480879e7c5
SHA512

da49b741bb37c93e277cec3bb3d1afbefdb553b6c56b8cce96b466e6967a51b7ea4472f4a270d32cb36c7ed7d6c0feebb4356e0bc1325addacc9ec595c8369bc

Score

10^/10

xpertrat evasion persistence rat trojan

Malware Config

Targets

- Target
  
  519fc2007f744abcb7a7b2d6b255670ca232662182897d2312fcf1480879e7c5
- Size
  
  349KB
- MD5
  
  cfc7eec10a72d743ba86e1f9f661629e
- SHA1
  
  719d433f928ccfa0b5c554587fd17e1a70485fd4
- SHA256
  
  519fc2007f744abcb7a7b2d6b255670ca232662182897d2312fcf1480879e7c5
- SHA512
  
  da49b741bb37c93e277cec3bb3d1afbefdb553b6c56b8cce96b466e6967a51b7ea4472f4a270d32cb36c7ed7d6c0feebb4356e0bc1325addacc9ec595c8369bc
Score

10^/10

xpertrat evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- Adds policy Run key to start application
  persistence
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratevasionpersistencerattrojan

behavioral2