Overview

overview

10

Static

static

SecuriteIn...61.exe

windows7_x64

10

SecuriteIn...61.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Variant.Ser.Lazy.948.25861.26687

  • Size

    512KB

  • Sample

    220512-3w9w9aeadm

  • MD5

    bfa6a35755791e6046c304ac582770c7

  • SHA1

    6f921e0412bc2506ef0c1b65f0f086da4a161ca5

  • SHA256

    0a35b0e0112fc3ffb7fb29e2f7afa092ae3b5932ff8e79c7a9b5365ad5e08013

  • SHA512

    fd7271fc40f5c1f25e8c30e05612042c2b200ac1635b079477d1b3cb3dd0a4c3270f425307933cce0b591ab2752a7d6450d15663ea62b3b8da991149ee7c8c75

Score
10/10
xpertratcollectionevasionpersistencerattrojan

Malware Config

Targets

    • Target

      SecuriteInfo.com.Variant.Ser.Lazy.948.25861.26687

    • Size

      512KB

    • MD5

      bfa6a35755791e6046c304ac582770c7

    • SHA1

      6f921e0412bc2506ef0c1b65f0f086da4a161ca5

    • SHA256

      0a35b0e0112fc3ffb7fb29e2f7afa092ae3b5932ff8e79c7a9b5365ad5e08013

    • SHA512

      fd7271fc40f5c1f25e8c30e05612042c2b200ac1635b079477d1b3cb3dd0a4c3270f425307933cce0b591ab2752a7d6450d15663ea62b3b8da991149ee7c8c75

    Score
    10/10
    xpertratcollectionevasionpersistencerattrojan

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • XpertRAT

      XpertRAT is a remote access trojan with various capabilities.

      ratxpertrat

    • Adds policy Run key to start application

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook accounts

      collection

    • Adds Run key to start application

      persistence

    • Program crash

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

2
T1089

Modify Registry

4
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks