General
-
Target
18919b2621fa34a4d1ba698fb8ec198f6fceb6fa904e0287574f5774a69d2ba2
-
Size
366KB
-
Sample
220521-dykbyagee7
-
MD5
0726be5c1522de6e13e544e1aea0ec36
-
SHA1
eeed338d3f10bfe035f82528348cde2bdf9c941b
-
SHA256
18919b2621fa34a4d1ba698fb8ec198f6fceb6fa904e0287574f5774a69d2ba2
-
SHA512
b8916d61631c27ed786eff5e5165608d4cdcf25a8b6f4c2f38f5b93b05249818226373fe5e82c148f154637d5d41167ae7853bce03149a42664b0ad6761c8467
Malware Config
Targets
-
-
Target
WaybillDoc_9910812295.exe
-
Size
383KB
-
MD5
7694cacbd4702388c664661eeff13bd4
-
SHA1
c462561babf3f27d9afb5ebd1b07629f64baa4d3
-
SHA256
47230c3bcf570bb50440eee83fb83bebe937489895a2b3fee9805ad675fb239f
-
SHA512
d55d299f0eaf6d60b769f8c6b06175b80d2e6163aaad96806aacf9b0b4de32aa968905cf7cab3a2557575cdc76d6b5af615866c814a9233d93b758566b487625
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-