xpertrat | 6aa342f22e938855a4158aaf5e5290227cfc8ec244f12a4087d6235bcd4e0c80 | Triage

Sharing

General

Target

6aa342f22e938855a4158aaf5e5290227cfc8ec244f12a4087d6235bcd4e0c80
Size

484KB
Sample

220329-w9b4tadgfk
MD5

8e00098b2140e8b6a58a18350e45112c
SHA1

c91661bc6067bd0a7b0d9ab7765f7728069deb62
SHA256

6aa342f22e938855a4158aaf5e5290227cfc8ec244f12a4087d6235bcd4e0c80
SHA512

1136b1a7004f64c4862d4eb77422dbf8d388f02a490633a1a894b1350b56c474b95cb7addc42beb4a2d74abf9c868145a925bf40e713f592a2f4ee2120080e4b

Score

10^/10

xpertrat evasion persistence rat trojan

Malware Config

Targets

- Target
  
  6aa342f22e938855a4158aaf5e5290227cfc8ec244f12a4087d6235bcd4e0c80
- Size
  
  484KB
- MD5
  
  8e00098b2140e8b6a58a18350e45112c
- SHA1
  
  c91661bc6067bd0a7b0d9ab7765f7728069deb62
- SHA256
  
  6aa342f22e938855a4158aaf5e5290227cfc8ec244f12a4087d6235bcd4e0c80
- SHA512
  
  1136b1a7004f64c4862d4eb77422dbf8d388f02a490633a1a894b1350b56c474b95cb7addc42beb4a2d74abf9c868145a925bf40e713f592a2f4ee2120080e4b
Score

10^/10

xpertrat evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- Adds policy Run key to start application
  persistence
- Deletes itself
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratevasionpersistencerattrojan

behavioral2

xpertratevasionpersistencerattrojan