General

  • Target

    a9909b284f46a9193235f980fecd71e69a6c0d7fbac8e8879f73d11e3816dacf

  • Size

    1.2MB

  • Sample

    220731-fy99gaabg9

  • MD5

    d58b1c2f540268bd9dd920455568d45f

  • SHA1

    58fa23062ee8e44912be9712eed62fbe753289fd

  • SHA256

    a9909b284f46a9193235f980fecd71e69a6c0d7fbac8e8879f73d11e3816dacf

  • SHA512

    f36c1bbf62b091647151751896b98c3edffbfc711c12f02db6ef588c5a4661d1f1c3b9a1615fb3405eb9298d06d4dade3ba3286291ff11b5fc980d2f1e4519c8

Malware Config

Extracted

Family

xpertrat

Version

3.0.10

Botnet

Hauk902

C2

expertworldwithout.gleeze.com:4444

Mutex

R2Q3F8F6-L8M2-T1G2-O4Y1-C3N4I3V1R3O0
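The extracted configuration above is the part of this report a defender actually acts on: the file digests identify the dropper, and the C2 host, port and mutex are the host- and network-level indicators the running RAT leaves behind. The script below is an added example, not part of the report or of any sandbox tooling. It takes the digests, C2 and mutex verbatim from the report, verifies whether a file on disk is this exact sample, and runs a small correlation over log lines (constructed for the example; the 192.0.2.x addresses and the `dns`/`conn`/`edr` line formats are assumptions, not data from the report). Port 4444 on its own is deliberately treated as a weak signal, since it is a common default for other tooling; it is only promoted to a C2 hit when the same source IP previously resolved the C2 hostname.

```python
"""IOC checks for the XpertRAT sample in this report.

Added example; not part of the original report. Only the hashes, C2 and
mutex below come from the report. Every log line is constructed.
"""
import hashlib
import re

# Values copied from the report's General / Malware Config sections.
REPORT_HASHES = {
    "md5": "d58b1c2f540268bd9dd920455568d45f",
    "sha1": "58fa23062ee8e44912be9712eed62fbe753289fd",
    "sha256": "a9909b284f46a9193235f980fecd71e69a6c0d7fbac8e8879f73d11e3816dacf",
    "sha512": "f36c1bbf62b091647151751896b98c3edffbfc711c12f02db6ef588c5a4661d1"
              "f1c3b9a1615fb3405eb9298d06d4dade3ba3286291ff11b5fc980d2f1e4519c8",
}
C2_HOST = "expertworldwithout.gleeze.com"
C2_PORT = 4444
MUTEX = "R2Q3F8F6-L8M2-T1G2-O4Y1-C3N4I3V1R3O0"


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest matches; one mismatch means a different file."""
    actual = file_hashes(data)
    return all(actual[name] == value for name, value in REPORT_HASHES.items())


_SRC = re.compile(r"src=(\d+\.\d+\.\d+\.\d+)")
_DST = re.compile(r"dst=(\S+?):(\d+)")


def scan_log_lines(lines):
    """Return [(line_number, [reasons])] for every line carrying an IOC.

    A connection to port 4444 is reported as 'c2-port-after-dns' only when
    the same source IP already resolved the C2 hostname earlier in the log;
    otherwise it is flagged as the weak 'port-4444-only'.
    """
    hits = []
    resolved_c2 = set()  # source IPs seen querying the C2 hostname
    for n, line in enumerate(lines, 1):
        reasons = []
        if MUTEX in line:
            reasons.append("mutex")
        src = _SRC.search(line)
        if C2_HOST in line.lower():
            reasons.append("c2-host")
            if src:
                resolved_c2.add(src.group(1))
        dst = _DST.search(line)
        if dst and int(dst.group(2)) == C2_PORT:
            if src and src.group(1) in resolved_c2:
                reasons.append("c2-port-after-dns")
            else:
                reasons.append("port-4444-only")
        if reasons:
            hits.append((n, reasons))
    return hits


# Constructed log lines (assumed formats; not from the report).
SAMPLE_LOG = [
    "2022-07-31T10:02:11Z dns src=10.0.0.5 qname=expertworldwithout.gleeze.com qtype=A",
    "2022-07-31T10:02:12Z conn src=10.0.0.5:51234 dst=192.0.2.10:4444 proto=tcp",
    "2022-07-31T10:02:12Z dns src=10.0.0.7 qname=update.example.com qtype=A",
    "2022-07-31T10:02:13Z edr event=mutex_create name=" + MUTEX + " pid=4120",
    "2022-07-31T10:03:00Z conn src=10.0.0.7:51300 dst=192.0.2.20:443 proto=tcp",
]


if __name__ == "__main__":
    import sys
    # Usage: python ioc_check.py [file]  -- checks the file against the report's digests
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("sample matches report:", matches_report(fh.read()))
    for n, reasons in scan_log_lines(SAMPLE_LOG):
        print(f"line {n}: {', '.join(reasons)} :: {SAMPLE_LOG[n - 1]}")
```

Running it without arguments reports lines 1, 2 and 4 of the constructed log (C2 DNS lookup, the follow-on TCP connection from the same host, and the mutex). Passing a file path checks all four digests; matching only the MD5 is not enough, since MD5 collisions are cheap to construct, while a full SHA-256/SHA-512 match pins the exact sample.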

Targets

    • Target

      a9909b284f46a9193235f980fecd71e69a6c0d7fbac8e8879f73d11e3816dacf

    • Size

      1.2MB

    • MD5

      d58b1c2f540268bd9dd920455568d45f

    • SHA1

      58fa23062ee8e44912be9712eed62fbe753289fd

    • SHA256

      a9909b284f46a9193235f980fecd71e69a6c0d7fbac8e8879f73d11e3816dacf

    • SHA512

      f36c1bbf62b091647151751896b98c3edffbfc711c12f02db6ef588c5a4661d1f1c3b9a1615fb3405eb9298d06d4dade3ba3286291ff11b5fc980d2f1e4519c8

    • UAC bypass

    • Windows security bypass

    • XpertRAT

      XpertRAT is a remote access trojan (RAT). The configuration extracted from this sample (version 3.0.10, botnet ID Hauk902, C2 expertworldwithout.gleeze.com:4444 and the mutex) is listed under Malware Config above and is the set of indicators to hunt for.

    • XpertRAT Core payload

    • Drops startup file

    • Loads dropped DLL

    • AutoIT Executable

      AutoIt scripts compiled to PE executables. The compiled script is embedded in the binary and can normally be recovered with an AutoIt decompiler, so the dropper logic is best analysed as a script rather than as native code.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext (an API commonly used for process hollowing, where a suspended process is overwritten with the RAT payload and its thread redirected to it)

MITRE ATT&CK Enterprise v6

Tasks