General
-
Target
22eb28e2650a28f5b5aed8720fe39649c1da2288917134827be7970f764aa5d2
-
Size
1.3MB
-
Sample
220612-dye28acbfl
-
MD5
33f8a0394a84cc3c4a427dade84dc08e
-
SHA1
5387c0ead3450eaef1cc82e4c4a0b52982fb2952
-
SHA256
22eb28e2650a28f5b5aed8720fe39649c1da2288917134827be7970f764aa5d2
-
SHA512
3cd6375ce8b6160fa7109fcdab1f2909cf9827bc0ac20fbc98c9f844d53d70122016e3e7eab2334cf1a8205f989c18958c3a6ebb6d0e5a38774a7435d43bd9b7
Malware Config
Extracted
xpertrat
3.0.10
Test
185.125.205.93:9911
P0V4N118-N5M3-W331-C1L0-Y2V3P6C8B2Q6
Targets
-
-
Target
22eb28e2650a28f5b5aed8720fe39649c1da2288917134827be7970f764aa5d2
-
Size
1.3MB
-
MD5
33f8a0394a84cc3c4a427dade84dc08e
-
SHA1
5387c0ead3450eaef1cc82e4c4a0b52982fb2952
-
SHA256
22eb28e2650a28f5b5aed8720fe39649c1da2288917134827be7970f764aa5d2
-
SHA512
3cd6375ce8b6160fa7109fcdab1f2909cf9827bc0ac20fbc98c9f844d53d70122016e3e7eab2334cf1a8205f989c18958c3a6ebb6d0e5a38774a7435d43bd9b7
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
XpertRAT Core Payload
-
Windows security modification
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-