xpertrat | 27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9 | Triage

Sharing

General

Target

27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9
Size

795KB
Sample

230918-t6k67sch93
MD5

102dfca73df9a539a34b886349365381
SHA1

35b90a9ae3dc136502102017c0488c5fc028eae1
SHA256

27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9
SHA512

4335a75a836ebb5c9f589d36bd9b96fa6c3c751ff37caf23805317cdd5082fef0fb3ed198ebdb90cde6e9700d4b0ede2233b6bab8cb421d193c1099510733316
SSDEEP

12288:Q84kSMdr3GNUAn9cNNeX8X/iTS46omh7lZyxa6A0KG384C26ygrxNU4Jpth9+8PZ:Q8fUc6ApGLC7ysxD1d/4e

Score

10^/10

xpertrat strigio evasion rat trojan

Malware Config

Extracted

Family

xpertrat

Version

3.0.10

Botnet

STRIGIO

C2

sandshoe.myfirewall.org:5344

Mutex

I8N3F0X7-G4E2-P2S0-T0D7-R1N2H5T660I4

Targets

- Target
  
  27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9
- Size
  
  795KB
- MD5
  
  102dfca73df9a539a34b886349365381
- SHA1
  
  35b90a9ae3dc136502102017c0488c5fc028eae1
- SHA256
  
  27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9
- SHA512
  
  4335a75a836ebb5c9f589d36bd9b96fa6c3c751ff37caf23805317cdd5082fef0fb3ed198ebdb90cde6e9700d4b0ede2233b6bab8cb421d193c1099510733316
- SSDEEP
  
  12288:Q84kSMdr3GNUAn9cNNeX8X/iTS46omh7lZyxa6A0KG384C26ygrxNU4Jpth9+8PZ:Q8fUc6ApGLC7ysxD1d/4e
Score

10^/10

xpertrat strigio evasion rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- XpertRAT Core payload
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Program crash
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xpertratstrigioevasionrattrojan