webmonitor | ecf20ba9055ef6e87d3c8565f3eedf67f02b068c844056d7a5c1d60bb9e67e5b | Triage

Sharing

General

Target

IMAGE20210406_490133692.exe
Size

1.6MB
Sample

210406-g4593xal3e
MD5

432494553bb7b05ce1970f180968aac3
SHA1

c1147f87babcf9c0ce3e278ded158c1343dc7e92
SHA256

ecf20ba9055ef6e87d3c8565f3eedf67f02b068c844056d7a5c1d60bb9e67e5b
SHA512

bf961ad8680d045a9a2555018695ed2e0a607feda2b60a3936be19f380985742075349d3d9112a8894f5a0c0fef2c9c668e5469ca4005ca7109bf8925b5067fd

Score

10^/10

webmonitor backdoor infostealer persistence rat

Malware Config

Targets

- Target
  
  IMAGE20210406_490133692.exe
- Size
  
  1.6MB
- MD5
  
  432494553bb7b05ce1970f180968aac3
- SHA1
  
  c1147f87babcf9c0ce3e278ded158c1343dc7e92
- SHA256
  
  ecf20ba9055ef6e87d3c8565f3eedf67f02b068c844056d7a5c1d60bb9e67e5b
- SHA512
  
  bf961ad8680d045a9a2555018695ed2e0a607feda2b60a3936be19f380985742075349d3d9112a8894f5a0c0fef2c9c668e5469ca4005ca7109bf8925b5067fd
Score

10^/10

webmonitor backdoor infostealer persistence rat
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerpersistencerat

behavioral2