General
-
Target
eefa3dd3a36a5decba3c42072ef0798e_JaffaCakes118
-
Size
911KB
-
Sample
240412-djsd1agd6s
-
MD5
eefa3dd3a36a5decba3c42072ef0798e
-
SHA1
a51f4f499fc618b9dc36e079258ed3c087e2bae5
-
SHA256
862bf290697cfbd5cb41966b550e8b163aac94d6e07461c6e4353ea6fad62e83
-
SHA512
6e28230749c2938279e32d4c2631ea6193f28c2a5d5cd38f4176dc8e5e70a986db866e770ff32e4eaad3233b8e336f66877e1e2c70c9ef5ec2f3912f9df7d6a2
-
SSDEEP
12288:bJmWMzH+hB/pzxJi3X3+b6umJBDARbeqTJgRGL1xPJH1gOk2jNdgx8qNUn3PHMO:TLpXk+b6umJBDAJeqtgR8XN1g4EO
Malware Config
Targets
-
-
Target
eefa3dd3a36a5decba3c42072ef0798e_JaffaCakes118
-
Size
911KB
-
MD5
eefa3dd3a36a5decba3c42072ef0798e
-
SHA1
a51f4f499fc618b9dc36e079258ed3c087e2bae5
-
SHA256
862bf290697cfbd5cb41966b550e8b163aac94d6e07461c6e4353ea6fad62e83
-
SHA512
6e28230749c2938279e32d4c2631ea6193f28c2a5d5cd38f4176dc8e5e70a986db866e770ff32e4eaad3233b8e336f66877e1e2c70c9ef5ec2f3912f9df7d6a2
-
SSDEEP
12288:bJmWMzH+hB/pzxJi3X3+b6umJBDARbeqTJgRGL1xPJH1gOk2jNdgx8qNUn3PHMO:TLpXk+b6umJBDAJeqtgR8XN1g4EO
Score10/10-
UAC bypass
-
Windows security bypass
-
XpertRAT
XpertRAT is a remote access trojan with various capabilities.
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Windows security modification
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2