xpertrat | d37b127c493bbf59bff2017e49513c0f80a5db906715f5e22bbb23d24c2cca3b | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.Siggen17.50772.426.3507
Size

502KB
Sample

220512-1lf53sada9
MD5

d1d7f23ea413b011f029e5d97890c41e
SHA1

82153f7e21609a7dfb1ee98e56915393bdb504b8
SHA256

d37b127c493bbf59bff2017e49513c0f80a5db906715f5e22bbb23d24c2cca3b
SHA512

a7bfc0c64be27fd45ab3d0b0aab47553a25de6535667e643b3caeecc8b9b7557b5ca361936ef2a32d44387ba5418ad5ece5065403992e1fbda869e7a49e5e298

Score

10^/10

xpertrat evasion persistence rat trojan

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.Siggen17.50772.426.3507
- Size
  
  502KB
- MD5
  
  d1d7f23ea413b011f029e5d97890c41e
- SHA1
  
  82153f7e21609a7dfb1ee98e56915393bdb504b8
- SHA256
  
  d37b127c493bbf59bff2017e49513c0f80a5db906715f5e22bbb23d24c2cca3b
- SHA512
  
  a7bfc0c64be27fd45ab3d0b0aab47553a25de6535667e643b3caeecc8b9b7557b5ca361936ef2a32d44387ba5418ad5ece5065403992e1fbda869e7a49e5e298
Score

10^/10

xpertrat evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Program crash
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratevasionpersistencerattrojan

behavioral2

xpertratevasionpersistencerattrojan