xpertrat | 6cdc19ff655d60c2f9f5ea1d4397efa91e20a60581509b90664c556c30db34c2 | Triage

Sharing

General

Target

6cdc19ff655d60c2f9f5ea1d4397efa91e20a60581509b90664c556c30db34c2
Size

172KB
Sample

220731-fq3veshdh7
MD5

e49ce76cfe71eb53e6ebc32b112ebdad
SHA1

e64787efdf916fa0e433e1ac4b462e89802ac1f4
SHA256

6cdc19ff655d60c2f9f5ea1d4397efa91e20a60581509b90664c556c30db34c2
SHA512

3cd32ab45a84299398e4da9b843f5231e3ec9339e196ebb54a81d705c69aed28b0543853427f1eb34ac891741fcb57fba083d1e268385b42d69c0d44ad1b5ac1

Score

10^/10

xpertrat evasion persistence rat trojan

Malware Config

Targets

- Target
  
  6cdc19ff655d60c2f9f5ea1d4397efa91e20a60581509b90664c556c30db34c2
- Size
  
  172KB
- MD5
  
  e49ce76cfe71eb53e6ebc32b112ebdad
- SHA1
  
  e64787efdf916fa0e433e1ac4b462e89802ac1f4
- SHA256
  
  6cdc19ff655d60c2f9f5ea1d4397efa91e20a60581509b90664c556c30db34c2
- SHA512
  
  3cd32ab45a84299398e4da9b843f5231e3ec9339e196ebb54a81d705c69aed28b0543853427f1eb34ac891741fcb57fba083d1e268385b42d69c0d44ad1b5ac1
Score

10^/10

xpertrat evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- Adds policy Run key to start application
  persistence
- Deletes itself
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

xpertratevasionpersistencerattrojan

behavioral2

xpertratevasionpersistencerattrojan