General
-
Target
14f0eb0a4e795ed18fff8c171321c06672ba84f5ba1419a56b567a6e66115789
-
Size
656KB
-
Sample
220415-tpps3acbc7
-
MD5
fabd1bde9dfaf4ea736727c8b84d2f3b
-
SHA1
389a3e4d6185a9857053451979dd8ba74cb04886
-
SHA256
14f0eb0a4e795ed18fff8c171321c06672ba84f5ba1419a56b567a6e66115789
-
SHA512
2fecda06d9370b98e88c08e3c6cc0b805c66083a41081201ed9e72d3a5124e5b3bab4b8d70845d30aa612257cd16d5b5184618b803a29f93b3d5451d48dd14d9
Malware Config
Targets
-
-
Target
14f0eb0a4e795ed18fff8c171321c06672ba84f5ba1419a56b567a6e66115789
-
Size
656KB
-
MD5
fabd1bde9dfaf4ea736727c8b84d2f3b
-
SHA1
389a3e4d6185a9857053451979dd8ba74cb04886
-
SHA256
14f0eb0a4e795ed18fff8c171321c06672ba84f5ba1419a56b567a6e66115789
-
SHA512
2fecda06d9370b98e88c08e3c6cc0b805c66083a41081201ed9e72d3a5124e5b3bab4b8d70845d30aa612257cd16d5b5184618b803a29f93b3d5451d48dd14d9
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Deletes itself
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-