General
-
Target
gunzipped.exe
-
Size
892KB
-
Sample
220428-n44ymsfhep
-
MD5
76ee7c7ec27ac1d8ac5b42ce1813b3f4
-
SHA1
5cf06e9981723e56996ed0a7c19f677ca0e1d187
-
SHA256
6068e249773f4636d788ac7793a6184c02d3107fdbdc9209b0ebe59761883189
-
SHA512
ff5a6b7daffdba0d05823b79c6251eeb82f6c43bf21dd65c558367e205a0753740e9dc823dbc9e74c798e62dd6aeee8b43e8a394fbebd71e814d174bb3e6e4ed
Score
10/10
Malware Config
Targets
-
-
Target
gunzipped.exe
-
Size
892KB
-
MD5
76ee7c7ec27ac1d8ac5b42ce1813b3f4
-
SHA1
5cf06e9981723e56996ed0a7c19f677ca0e1d187
-
SHA256
6068e249773f4636d788ac7793a6184c02d3107fdbdc9209b0ebe59761883189
-
SHA512
ff5a6b7daffdba0d05823b79c6251eeb82f6c43bf21dd65c558367e205a0753740e9dc823dbc9e74c798e62dd6aeee8b43e8a394fbebd71e814d174bb3e6e4ed
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Windows security modification
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-