xpertrat | 0ad34d13fd6d8d1efab446e79f0edb787f422f33a37c67b69e1b8cced5bbe750 | Triage

Sharing

General

Target

0ad34d13fd6d8d1efab446e79f0edb787f422f33a37c67b69e1b8cced5bbe750
Size

1.7MB
Sample

220415-td9n4abfe3
MD5

c1ca6a5db88941335f8397321ece1f69
SHA1

a8aa004ba39b7638675e906102e9c79a5f2c9acd
SHA256

0ad34d13fd6d8d1efab446e79f0edb787f422f33a37c67b69e1b8cced5bbe750
SHA512

2ebe4043f79f2cb7b9a15b386fc644f1472aee71056376bd51331ef5994fde77063ce83310f826dbccf2e3b313eea24b52acc223927d5bceffacc5ec151273ea

Score

10^/10

xpertrat evasion persistence rat trojan

Malware Config

Targets

- Target
  
  0ad34d13fd6d8d1efab446e79f0edb787f422f33a37c67b69e1b8cced5bbe750
- Size
  
  1.7MB
- MD5
  
  c1ca6a5db88941335f8397321ece1f69
- SHA1
  
  a8aa004ba39b7638675e906102e9c79a5f2c9acd
- SHA256
  
  0ad34d13fd6d8d1efab446e79f0edb787f422f33a37c67b69e1b8cced5bbe750
- SHA512
  
  2ebe4043f79f2cb7b9a15b386fc644f1472aee71056376bd51331ef5994fde77063ce83310f826dbccf2e3b313eea24b52acc223927d5bceffacc5ec151273ea
Score

10^/10

xpertrat evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- Adds policy Run key to start application
  persistence
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratevasionpersistencerattrojan

behavioral2

xpertratevasionpersistencerattrojan