General

  • Target

    79df6cbb29cb39554f1061d71437c0c5b6351a398abcece971653b90f7d13216

  • Size

    1.4MB

  • Sample

    221121-fj1fqagd4t

  • MD5

    3046222c67a68d7cadabd19434355600

  • SHA1

    633f3b57954d2b2d7c37386af772dc199b3c6db7

  • SHA256

    79df6cbb29cb39554f1061d71437c0c5b6351a398abcece971653b90f7d13216

  • SHA512

    703dc8b72ec2bbafe4f8fa466b48b839af95a445df25c07b615d5471ba5bb6aad5ba76b66371bbb2d4d2426bbb09de88c9de017fee33b3be0007aa045b318b8e

  • SSDEEP

    24576:mUQZGjqqIaSb5rUoMGa7WATGC11Jk220gPgFKU0p82QcNZdsCAEKA3NHNEgsNPDS:mUJGqI5lbmD11JkfKop8Rc+CnaNYp

Malware Config

Targets

    • Target

      79df6cbb29cb39554f1061d71437c0c5b6351a398abcece971653b90f7d13216

    • Size

      1.4MB

    • MD5

      3046222c67a68d7cadabd19434355600

    • SHA1

      633f3b57954d2b2d7c37386af772dc199b3c6db7

    • SHA256

      79df6cbb29cb39554f1061d71437c0c5b6351a398abcece971653b90f7d13216

    • SHA512

      703dc8b72ec2bbafe4f8fa466b48b839af95a445df25c07b615d5471ba5bb6aad5ba76b66371bbb2d4d2426bbb09de88c9de017fee33b3be0007aa045b318b8e

    • SSDEEP

      24576:mUQZGjqqIaSb5rUoMGa7WATGC11Jk220gPgFKU0p82QcNZdsCAEKA3NHNEgsNPDS:mUJGqI5lbmD11JkfKop8Rc+CnaNYp

    • UAC bypass

    • Windows security bypass

    • XpertRAT

      XpertRAT is a remote access trojan with various capabilities.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks