xpertrat | 0b3ee4059f431e5bfd85d8bfcce4bb5d2a33b40baca82a36dbca89ea5e4a14b3 | Triage

Sharing

General

Target

102dfca73df9a539a34b886349365381.bin
Size

549KB
Sample

231012-ndnhzafc3w
MD5

64b9975784d5bd7b53dd513cefb88633
SHA1

0b48d828d6cd6efcc9e95b003e510ad20f7bfb07
SHA256

0b3ee4059f431e5bfd85d8bfcce4bb5d2a33b40baca82a36dbca89ea5e4a14b3
SHA512

a7fda3ba7ddc57c182330f8a13f698b9bc50123ed1b6cfb25933df05b3b25b477f95bca0f2b244fabccc294a67b73c35f459a45c67c0414ab523fa8efe22c1ec
SSDEEP

12288:IzbHg8e/dZPSWgcVld6XFk886z0pVGvx8kfNhnDSFcF:IHHC/dN7BVf65vxzVhDSq

Score

10^/10

xpertrat strigio evasion persistence rat trojan

Malware Config

Extracted

Family

xpertrat

Version

3.0.10

Botnet

STRIGIO

C2

sandshoe.myfirewall.org:5344

Mutex

I8N3F0X7-G4E2-P2S0-T0D7-R1N2H5T660I4

Targets

- Target
  
  27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9.exe
- Size
  
  795KB
- MD5
  
  102dfca73df9a539a34b886349365381
- SHA1
  
  35b90a9ae3dc136502102017c0488c5fc028eae1
- SHA256
  
  27216219fbe93818c217c05b66b6586ab58bb000b1c9bc96da93561923f1fce9
- SHA512
  
  4335a75a836ebb5c9f589d36bd9b96fa6c3c751ff37caf23805317cdd5082fef0fb3ed198ebdb90cde6e9700d4b0ede2233b6bab8cb421d193c1099510733316
- SSDEEP
  
  12288:Q84kSMdr3GNUAn9cNNeX8X/iTS46omh7lZyxa6A0KG384C26ygrxNU4Jpth9+8PZ:Q8fUc6ApGLC7ysxD1d/4e
Score

10^/10

xpertrat strigio evasion persistence rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- XpertRAT Core payload
- Adds policy Run key to start application
  persistence
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xpertratstrigioevasionpersistencerattrojan

behavioral2

xpertratstrigioevasionpersistencerattrojan