xpertrat | 9442bcc1f429af89162eaa7d9dca5115b9b46ecd775ddef52dd55c042ccd96d5 | Triage

Sharing

General

Target

9442bcc1f429af89162eaa7d9dca5115b9b46ecd775ddef52dd55c042ccd96d5
Size

421KB
Sample

220511-c8yrmseac2
MD5

fe212a223d63b8af680a7508b9ee5f25
SHA1

91974ea1ec4d8741e34c2a84f069d955b63c566a
SHA256

9442bcc1f429af89162eaa7d9dca5115b9b46ecd775ddef52dd55c042ccd96d5
SHA512

2e0f9a2d955b9837d3ac626b0c38d60e747bf43182f1ca21aa4bb26190b9041df38ffcb25261a8b7bb8b0c2bed11f6c53217758c939f0fa30daf0d5e81fcffca

Score

10^/10

xpertrat evasion persistence rat trojan

Malware Config

Targets

- Target
  
  9442bcc1f429af89162eaa7d9dca5115b9b46ecd775ddef52dd55c042ccd96d5
- Size
  
  421KB
- MD5
  
  fe212a223d63b8af680a7508b9ee5f25
- SHA1
  
  91974ea1ec4d8741e34c2a84f069d955b63c566a
- SHA256
  
  9442bcc1f429af89162eaa7d9dca5115b9b46ecd775ddef52dd55c042ccd96d5
- SHA512
  
  2e0f9a2d955b9837d3ac626b0c38d60e747bf43182f1ca21aa4bb26190b9041df38ffcb25261a8b7bb8b0c2bed11f6c53217758c939f0fa30daf0d5e81fcffca
Score

10^/10

xpertrat evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- Adds policy Run key to start application
  persistence
- Deletes itself
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xpertratevasionpersistencerattrojan

behavioral2

xpertratevasionpersistencerattrojan