General
-
Target
79df6cbb29cb39554f1061d71437c0c5b6351a398abcece971653b90f7d13216
-
Size
1.4MB
-
Sample
221121-fj1fqagd4t
-
MD5
3046222c67a68d7cadabd19434355600
-
SHA1
633f3b57954d2b2d7c37386af772dc199b3c6db7
-
SHA256
79df6cbb29cb39554f1061d71437c0c5b6351a398abcece971653b90f7d13216
-
SHA512
703dc8b72ec2bbafe4f8fa466b48b839af95a445df25c07b615d5471ba5bb6aad5ba76b66371bbb2d4d2426bbb09de88c9de017fee33b3be0007aa045b318b8e
-
SSDEEP
24576:mUQZGjqqIaSb5rUoMGa7WATGC11Jk220gPgFKU0p82QcNZdsCAEKA3NHNEgsNPDS:mUJGqI5lbmD11JkfKop8Rc+CnaNYp
Malware Config
Targets
-
-
Target
79df6cbb29cb39554f1061d71437c0c5b6351a398abcece971653b90f7d13216
-
Size
1.4MB
-
MD5
3046222c67a68d7cadabd19434355600
-
SHA1
633f3b57954d2b2d7c37386af772dc199b3c6db7
-
SHA256
79df6cbb29cb39554f1061d71437c0c5b6351a398abcece971653b90f7d13216
-
SHA512
703dc8b72ec2bbafe4f8fa466b48b839af95a445df25c07b615d5471ba5bb6aad5ba76b66371bbb2d4d2426bbb09de88c9de017fee33b3be0007aa045b318b8e
-
SSDEEP
24576:mUQZGjqqIaSb5rUoMGa7WATGC11Jk220gPgFKU0p82QcNZdsCAEKA3NHNEgsNPDS:mUJGqI5lbmD11JkfKop8Rc+CnaNYp
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-