xpertrat | 31ec85607b59877f42e791a2ac23d8c8c95edc8bad7fc0939a90a3807f445c6d | Triage

Sharing

General

Target

Új megrendelés - 00905173088 CPTL árajánlat - egyenként 100.exe
Size

110KB
Sample

240208-qlmyhsfd78
MD5

e18a8e37b5d2cfaec89222fd74c88081
SHA1

19a794cb433dc4445e33becc7c2ce7d211baefa6
SHA256

31ec85607b59877f42e791a2ac23d8c8c95edc8bad7fc0939a90a3807f445c6d
SHA512

287358b925ff7a6e214ea29612461c94fbc12eb145a8ed3cfc8a7400151a6fe7ebc399d6ae0ad22d31dd8b9e2082668957a30baca807502cf1a78beb33b5c2c8
SSDEEP

1536:Kx+EiewYluxHtThsiP34bbCaFJqIc5fpD7/xL:KrvyRhsiffaKIc5hDF

Score

10^/10

xpertrat blaze collection evasion persistence rat trojan upx

Malware Config

Extracted

Family

xpertrat

Version

3.0.10

Botnet

BLAZE

C2

twart.myfirewall.org:5344

Mutex

A6G228Q5-H8G1-F1T6-U4K6-C1J007E2X0Y8

Targets

- Target
  
  Új megrendelés - 00905173088 CPTL árajánlat - egyenként 100.exe
- Size
  
  110KB
- MD5
  
  e18a8e37b5d2cfaec89222fd74c88081
- SHA1
  
  19a794cb433dc4445e33becc7c2ce7d211baefa6
- SHA256
  
  31ec85607b59877f42e791a2ac23d8c8c95edc8bad7fc0939a90a3807f445c6d
- SHA512
  
  287358b925ff7a6e214ea29612461c94fbc12eb145a8ed3cfc8a7400151a6fe7ebc399d6ae0ad22d31dd8b9e2082668957a30baca807502cf1a78beb33b5c2c8
- SSDEEP
  
  1536:Kx+EiewYluxHtThsiP34bbCaFJqIc5fpD7/xL:KrvyRhsiffaKIc5hDF
Score

10^/10

xpertrat blaze collection evasion persistence rat trojan upx
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- XpertRAT Core payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Adds policy Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

xpertratblazecollectionevasionpersistencerattrojanupx