General
-
Target
Specification.exe
-
Size
717KB
-
Sample
220701-mnsd8secc7
-
MD5
20796a16b1839afba1f87ed53e7bd841
-
SHA1
d5bd0d0efc2059dbbf1eaaa30b1c859c313d9250
-
SHA256
2d0474bfb8aced6c0aacc081936209dc9287827e20284160ceae3edca8a50184
-
SHA512
ad809362c428bdd0d30f56e4fe8f4bfd7960849575451b33c642d5fc7d424e7eb355ec3caba95f02040a80d505db4f04edf363dd7dbdbe79df94ccb22dbce09f
Malware Config
Targets
-
-
Target
Specification.exe
-
Size
717KB
-
MD5
20796a16b1839afba1f87ed53e7bd841
-
SHA1
d5bd0d0efc2059dbbf1eaaa30b1c859c313d9250
-
SHA256
2d0474bfb8aced6c0aacc081936209dc9287827e20284160ceae3edca8a50184
-
SHA512
ad809362c428bdd0d30f56e4fe8f4bfd7960849575451b33c642d5fc7d424e7eb355ec3caba95f02040a80d505db4f04edf363dd7dbdbe79df94ccb22dbce09f
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Program crash
-
Suspicious use of SetThreadContext
-