General
-
Target
gunzipped.exe
-
Size
773KB
-
Sample
220315-wfrmeaebf5
-
MD5
fd5a0326a71e89b2ff144ea336fac113
-
SHA1
aa6b046a0ed889b59cdb0ee9a957c4c6d542e233
-
SHA256
bda50ff249b947617d9551c717e78131ed32bf77db9dc5b7591d3e1af6cb2f1a
-
SHA512
51a75041b8fe9dab9cb51e28b39a497eff7ccb4c81311223ec92492cd3ddcfb6bc91ebf555f61a8b25423d81fd692920b44980ab306acb3b8451b633f297b800
Score
10/10
Malware Config
Targets
-
-
Target
gunzipped.exe
-
Size
773KB
-
MD5
fd5a0326a71e89b2ff144ea336fac113
-
SHA1
aa6b046a0ed889b59cdb0ee9a957c4c6d542e233
-
SHA256
bda50ff249b947617d9551c717e78131ed32bf77db9dc5b7591d3e1af6cb2f1a
-
SHA512
51a75041b8fe9dab9cb51e28b39a497eff7ccb4c81311223ec92492cd3ddcfb6bc91ebf555f61a8b25423d81fd692920b44980ab306acb3b8451b633f297b800
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Windows security modification
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-