Extracted

• • Target

    f74ab1efa874c19f32108d0719951e9b2a6ab0bb9f9b66c53145e75efec1684b.exe

  • Size

    752KB

  • MD5

    09fefe8f2d0e20847f08ebd26e29741f

  • SHA1

    235393276d1b017e89acf3c891056e2fbe759f2b

  • SHA256

    f74ab1efa874c19f32108d0719951e9b2a6ab0bb9f9b66c53145e75efec1684b

  • SHA512

    6276bdda653057ff61a1dd73c74f87aed96617df36289beb3e0d89a11c1c46f2f55d8a6e5ef551c1b129967c185bc74cddf981b3fc8d468c927c667bb30b10cd

  • SSDEEP

    12288:6ymn0lWxMzIHREJVk/bq4izoW/m7Ar+oxpjijYtxJ2uw7qVLF7QRbiGMTYRQ:bm0lWxMiQW/O4ue7G+upl1wGVLF7XGMZ

  Score

  10^/10

  xpertratsalesevasionpersistencerattrojan

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • XpertRAT

    XpertRAT is a remote access trojan with various capabilities.

    ratxpertrat

  • XpertRAT Core payload

  • Adds policy Run key to start application

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2