xpertrat | b57ce6a053e28a6e8605e6cf462cb865d4286e20b043114098307d74fefe3302 | Triage

Sharing

General

Target

160e03b0116adf6688549729b61518eb_JaffaCakes118
Size

1.3MB
Sample

241005-efcptatfpq
MD5

160e03b0116adf6688549729b61518eb
SHA1

a5944808c302944b5906d892a1fd77adaf4a309c
SHA256

b57ce6a053e28a6e8605e6cf462cb865d4286e20b043114098307d74fefe3302
SHA512

9f495f48b1250e2764771c0aa3c78cd63265e22e2066f7fd3cb8f788bbbd9ea36ca6abfda09483e482426a2de75d324ab63cdf296bbc1cfe22088df59b77048a
SSDEEP

24576:SCdxte/80jYLT3U1jfsWagU2Y9WBtOlnbL6TKyyfQ:Dw80cTsjkWagzOZLg

Score

10^/10

xpertrat test discovery evasion rat trojan

Malware Config

Extracted

Family

xpertrat

Version

3.0.10

Botnet

Test

C2

185.125.205.93:9911

Mutex

P0V4N118-N5M3-W331-C1L0-Y2V3P6C8B2Q6

Targets

- Target
  
  160e03b0116adf6688549729b61518eb_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  160e03b0116adf6688549729b61518eb
- SHA1
  
  a5944808c302944b5906d892a1fd77adaf4a309c
- SHA256
  
  b57ce6a053e28a6e8605e6cf462cb865d4286e20b043114098307d74fefe3302
- SHA512
  
  9f495f48b1250e2764771c0aa3c78cd63265e22e2066f7fd3cb8f788bbbd9ea36ca6abfda09483e482426a2de75d324ab63cdf296bbc1cfe22088df59b77048a
- SSDEEP
  
  24576:SCdxte/80jYLT3U1jfsWagU2Y9WBtOlnbL6TKyyfQ:Dw80cTsjkWagzOZLg
Score

10^/10

discovery xpertrat test evasion rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- XpertRAT Core payload
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xpertrattestdiscoveryevasionrattrojan