xpertrat | fdda853b067a704276a822cc0f2e5febd68d8d842e78cb4cb4fb255c4af0442e | Triage

Submit
Reports

Overview

overview

Static

static

Fenc_Gener...on.exe

windows7_x64

Fenc_Gener...on.exe

windows10-2004_x64

Sharing

General

Target

fdda853b067a704276a822cc0f2e5febd68d8d842e78cb4cb4fb255c4af0442e
Size

408KB
Sample

220521-b7zf4sgdfn
MD5

25019ae1bc7fc82eed97ea8be7642dcf
SHA1

692d041ce89796874416c86bfba65803f8f85eef
SHA256

fdda853b067a704276a822cc0f2e5febd68d8d842e78cb4cb4fb255c4af0442e
SHA512

dbd07960a1618e6d287cadc77cdacd51b7bd2aac1874dd254b7c1f1f99b393f9840288693029ebd0993cfda387cc9a091f505161efe5d809c1a45300318567e1

Score

10^/10

xpertrat evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Fenc_General Presentation.exe

Resource

win7-20220414-en

xpertrat evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Fenc_General Presentation.exe

Resource

win10v2004-20220414-en

xpertrat evasion persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Fenc_General Presentation.exe
- Size
  
  447KB
- MD5
  
  6550d5ad0410e634c7bab8e161fadf88
- SHA1
  
  8819193d0ad3e5c5717107aca3920ed283c53e80
- SHA256
  
  bd2bf7c79dda8208f9ec0c2199d1ec61058aa43bbe6f8548623444fc143a3aec
- SHA512
  
  57eb107f455af652096ea9bef547c90e460216a948883bf70564651d058b039ad62ad4e80c1c52ec15218d58dcb4bb8b2b48830b37bde30962a5c676838bd39c
Score

10^/10

xpertrat evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratevasionpersistencerattrojan

behavioral2

xpertratevasionpersistencerattrojan

© 2018-2024

Terms | Privacy