xpertrat | e22a21011a6e843389fbbe8cab856a3ba7ecc184c779e2767cc91e666fa7b66a | Triage

Submit
Reports

Overview

overview

Static

static

e22a21011a...6a.exe

windows7_x64

e22a21011a...6a.exe

windows10-2004_x64

Sharing

General

Target

e22a21011a6e843389fbbe8cab856a3ba7ecc184c779e2767cc91e666fa7b66a
Size

1.1MB
Sample

220625-cmgw1aabfq
MD5

6962527d9ac313319bd2b87cd12ab32c
SHA1

cd5c57102e56d6af901919edf41dd85d9f012351
SHA256

e22a21011a6e843389fbbe8cab856a3ba7ecc184c779e2767cc91e666fa7b66a
SHA512

048f07a350e08d49e70b3a1a1d017c515f700ad0de2415130efe71c455b81cd656ab820104eff6bf39444d9cae1c2220066715ed8efec0e898602e9ea5ab3532

Score

10^/10

xpertrat evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

e22a21011a6e843389fbbe8cab856a3ba7ecc184c779e2767cc91e666fa7b66a.exe

Resource

win7-20220414-en

xpertrat evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e22a21011a6e843389fbbe8cab856a3ba7ecc184c779e2767cc91e666fa7b66a.exe

Resource

win10v2004-20220414-en

evasion persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e22a21011a6e843389fbbe8cab856a3ba7ecc184c779e2767cc91e666fa7b66a
- Size
  
  1.1MB
- MD5
  
  6962527d9ac313319bd2b87cd12ab32c
- SHA1
  
  cd5c57102e56d6af901919edf41dd85d9f012351
- SHA256
  
  e22a21011a6e843389fbbe8cab856a3ba7ecc184c779e2767cc91e666fa7b66a
- SHA512
  
  048f07a350e08d49e70b3a1a1d017c515f700ad0de2415130efe71c455b81cd656ab820104eff6bf39444d9cae1c2220066715ed8efec0e898602e9ea5ab3532
Score

10^/10

xpertrat evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Program crash
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratevasionpersistencerattrojan

behavioral2

evasionpersistencetrojan

© 2018-2024

Terms | Privacy