General

  • Target

    Specification.exe

  • Size

    717KB

  • Sample

    220701-mpp1haece5

  • MD5

    20796a16b1839afba1f87ed53e7bd841

  • SHA1

    d5bd0d0efc2059dbbf1eaaa30b1c859c313d9250

  • SHA256

    2d0474bfb8aced6c0aacc081936209dc9287827e20284160ceae3edca8a50184

  • SHA512

    ad809362c428bdd0d30f56e4fe8f4bfd7960849575451b33c642d5fc7d424e7eb355ec3caba95f02040a80d505db4f04edf363dd7dbdbe79df94ccb22dbce09f

Malware Config

Targets

    • Target

      Specification.exe

    • Size

      717KB

    • MD5

      20796a16b1839afba1f87ed53e7bd841

    • SHA1

      d5bd0d0efc2059dbbf1eaaa30b1c859c313d9250

    • SHA256

      2d0474bfb8aced6c0aacc081936209dc9287827e20284160ceae3edca8a50184

    • SHA512

      ad809362c428bdd0d30f56e4fe8f4bfd7960849575451b33c642d5fc7d424e7eb355ec3caba95f02040a80d505db4f04edf363dd7dbdbe79df94ccb22dbce09f

    • UAC bypass

    • Windows security bypass

    • XpertRAT

      XpertRAT is a remote access trojan with various capabilities.

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks