General
-
Target
24b0f646c3bb9d35e9761b5d851b09c866eb8466d7438cedb561e8e79fe2af30
-
Size
584KB
-
Sample
220611-1b13hahbap
-
MD5
171569a4ca58064919c3d9e9cffcd1d0
-
SHA1
754db0cdffc636d95ee6a12d19a045bc95d9444c
-
SHA256
24b0f646c3bb9d35e9761b5d851b09c866eb8466d7438cedb561e8e79fe2af30
-
SHA512
fb08c20a852663129aeb5e50d4e1c9e63d0a084a27cc81d60a79525f996bbcc25f04859b7c381f01f3c266e14a12e03b1c5b1efbd3affeb5b348c1d32075b151
Malware Config
Targets
-
-
Target
24b0f646c3bb9d35e9761b5d851b09c866eb8466d7438cedb561e8e79fe2af30
-
Size
584KB
-
MD5
171569a4ca58064919c3d9e9cffcd1d0
-
SHA1
754db0cdffc636d95ee6a12d19a045bc95d9444c
-
SHA256
24b0f646c3bb9d35e9761b5d851b09c866eb8466d7438cedb561e8e79fe2af30
-
SHA512
fb08c20a852663129aeb5e50d4e1c9e63d0a084a27cc81d60a79525f996bbcc25f04859b7c381f01f3c266e14a12e03b1c5b1efbd3affeb5b348c1d32075b151
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Deletes itself
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-