Extracted

• • Target

    Mhd Order REF_PO 20230918.doc

  • Size

    92KB

  • MD5

    87dc64cd0d2d13f4897619c008540bcb

  • SHA1

    7f191350095893ebc3e1aa0e9e79dc083961e697

  • SHA256

    aee43496026aadd3bb0884c7fcd200758fde8c35940f0745628f4a0f480923c0

  • SHA512

    09e5d4f84ee2da4306cd4ddc97bebec6071b075e236ef861149daf30ae156d7e0b6f6882926eb7e0f841988424e07d283f505d9de4d91955e1f305961b05b755

  • SSDEEP

    768:ewAbZSibMX9gRWjFrOxpo0gcdOSY04ttpVtocQWILLIYGYsTqcmtDU9YHL:ewAlRQKxmidnY04ttpXoeyhGYsVmtYUL

  Score

  10^/10

  xpertratstrigiocollectionevasionpersistencerattrojanupx

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • XpertRAT

    XpertRAT is a remote access trojan with various capabilities.

    ratxpertrat

  • XpertRAT Core payload

  • NirSoft MailPassView

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Adds policy Run key to start application

    persistence

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Accesses Microsoft Outlook accounts

    collection

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2