General
-
Target
bjZB.exe
-
Size
1.4MB
-
Sample
220901-hmf8csbfd4
-
MD5
ee79da4d89dff4f76a822bb60e3a4d05
-
SHA1
830160df0323cbb49bb2fc17ada3a244fcf632d4
-
SHA256
baa66f0786ba08ec0dc82d145bce5bc43e31a8beddd34b6cad96b24c9adb1c5f
-
SHA512
3a6069d6754a04d4514d22a2563af04b5acdcef0a08f3a2e58e412aaa651155d4b0efe0a36edf520e9c6dcb05e80650d50e6e55192d4a87610f5e1f91d16442f
-
SSDEEP
24576:10LOa5+siQP+CfZ5Az6aFwgR64Bs/TrIyAPm:19TQPlh5AXR64m7cy
Malware Config
Targets
-
-
Target
bjZB.exe
-
Size
1.4MB
-
MD5
ee79da4d89dff4f76a822bb60e3a4d05
-
SHA1
830160df0323cbb49bb2fc17ada3a244fcf632d4
-
SHA256
baa66f0786ba08ec0dc82d145bce5bc43e31a8beddd34b6cad96b24c9adb1c5f
-
SHA512
3a6069d6754a04d4514d22a2563af04b5acdcef0a08f3a2e58e412aaa651155d4b0efe0a36edf520e9c6dcb05e80650d50e6e55192d4a87610f5e1f91d16442f
-
SSDEEP
24576:10LOa5+siQP+CfZ5Az6aFwgR64Bs/TrIyAPm:19TQPlh5AXR64m7cy
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Windows security modification
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Program crash
-
Suspicious use of SetThreadContext
-