xpertrat | 5cccc209ebe7cdb29b972e0cf4f0460bda3fe89b8c306bbf21bad77d70733337 | Triage

Sharing

General

Target

94717dd0dbf15a1e0dca412a5f5d9377_JaffaCakes118
Size

885KB
Sample

241124-nthyestqan
MD5

94717dd0dbf15a1e0dca412a5f5d9377
SHA1

e450dd56f0f757b9f95979dfdb8ae11cfdb5b25a
SHA256

5cccc209ebe7cdb29b972e0cf4f0460bda3fe89b8c306bbf21bad77d70733337
SHA512

80f3a2c32330732df3055b083f606e5f070a2b9f9a59a0f30393881da49a2131356b26f8ec00da4089a248d04b6015931d3ee8695ae3c0292b103d0c12fa2c86
SSDEEP

24576:f2O/GlbHxuD2csmgoJ8ggOCLs2lQlZP69kT:6RVcsmBJTAuri9Q

Score

10^/10

xpertrat egede discovery evasion rat trojan

Malware Config

Extracted

Family

xpertrat

Version

3.0.10

Botnet

egede

C2

154.16.201.173:4040

Mutex

D5M4R2E4-S8F1-E1S6-S4J6-B0I886D2W0W8

Targets

- Target
  
  94717dd0dbf15a1e0dca412a5f5d9377_JaffaCakes118
- Size
  
  885KB
- MD5
  
  94717dd0dbf15a1e0dca412a5f5d9377
- SHA1
  
  e450dd56f0f757b9f95979dfdb8ae11cfdb5b25a
- SHA256
  
  5cccc209ebe7cdb29b972e0cf4f0460bda3fe89b8c306bbf21bad77d70733337
- SHA512
  
  80f3a2c32330732df3055b083f606e5f070a2b9f9a59a0f30393881da49a2131356b26f8ec00da4089a248d04b6015931d3ee8695ae3c0292b103d0c12fa2c86
- SSDEEP
  
  24576:f2O/GlbHxuD2csmgoJ8ggOCLs2lQlZP69kT:6RVcsmBJTAuri9Q
Score

10^/10

discovery xpertrat egede evasion rat trojan
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- XpertRAT
  XpertRAT is a remote access trojan with various capabilities.
  rat xpertrat
- XpertRAT Core payload
- Xpertrat family
  xpertrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xpertrategedediscoveryevasionrattrojan