xpertrat | 70e2f9d2aa6647aaa726f610cbba7333ae7fd71294d5f50647bcbde5c84720e9 | Triage

Submit
Reports

Overview

overview

Static

static

EDG9532020...df.exe

windows7_x64

EDG9532020...df.exe

windows10-2004_x64

Sharing

General

Target

70e2f9d2aa6647aaa726f610cbba7333ae7fd71294d5f50647bcbde5c84720e9
Size

268KB
Sample

220521-ng89vaghcj
MD5

d2fc6e3008cc5b57ead4474c0238fe8c
SHA1

616c342bd4241a6c2a642ef623561d872ead4533
SHA256

70e2f9d2aa6647aaa726f610cbba7333ae7fd71294d5f50647bcbde5c84720e9
SHA512

67403355a5b7e40c96e5d176e9d0cb9c168b8cf3023ac96da10a359fbdfca3478184fe920522e632098e81047bd7076a5504c5124adc3a2e844cb2fb8134b314

Score

10^/10

xpertrat evasion persistence rat rezer0 trojan

Static task

static1

Behavioral task

behavioral1

Sample

EDG9532020061711000056_32859_pdf.exe

Resource

win7-20220414-en

xpertrat evasion persistence rat rezer0 trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

EDG9532020061711000056_32859_pdf.exe

Resource

win10v2004-20220414-en

xpertrat evasion persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  EDG9532020061711000056_32859_pdf.exe
- Size
  
  317KB
- MD5
  
  2778a85862dc9ac764541a0c34dce584
- SHA1
  
  123bb7ddd48aca7c531ba892146157708754f463
- SHA256
  
  9464eba54dd22af19c810637f246d9f6239a74f38ace5efddfbe8e37c5c64768
- SHA512
  
  8a09bb6b83ea66d3e0e3f3166acc2276413e4b0fce84c024754e73a5d915fe1a577523c63cbd9cad325d0a6809156d0aa9f0be003bd0f5af03487e85f2c75f4d
Score

10^/10

xpertrat evasion persistence rat rezer0 trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Adds policy Run key to start application
  persistence
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratevasionpersistenceratrezer0trojan

behavioral2

xpertratevasionpersistencerattrojan

© 2018-2024

Terms | Privacy