General
-
Target
5648ae8e4d5fe8302713953412d15757bdc57c61e4554808158073999270a99a
-
Size
659KB
-
Sample
220521-asz9esdfhm
-
MD5
ed1ab5710b1770ba84997a5b83fe9714
-
SHA1
845e8667f7b29b3cf21aa4a86b511222a7b3e157
-
SHA256
5648ae8e4d5fe8302713953412d15757bdc57c61e4554808158073999270a99a
-
SHA512
6b12998250f620943908b5390a0bf46ecf42b2675a29b12265e9839422da93887649f132ba780706460276ee991ee7172ff5f9f785c319a0c684ab1eef481b57
Malware Config
Targets
-
-
Target
EMECA20_GeneralBrochureEN_web_pdf.exe
-
Size
981KB
-
MD5
0816345b69321795af4a24159d3545b7
-
SHA1
4b743df38e5f214bf85b85c95851bf75d08683a1
-
SHA256
f79b985c1bf0b6708864ec45d12917c2e130dc53408b648b893179874f8e4b97
-
SHA512
5ad6e41c75500c95b40f5866f265a927e252ec9ed8adc59c003180efd7627f5fff0c276d3b93ffd77263de8008125152db2ce8f657da993bb88a31249298e7b6
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Deletes itself
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-