Overview

overview

10

Static

static

JANUARY OV...df.exe

windows7_x64

10

JANUARY OV...df.exe

windows10_x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JANUARY OVERDUE INVOICE.pdf.exe

  • Size

    1.5MB

  • Sample

    210407-h2tt7jq6j2

  • MD5

    f7d79ec6a3bf524f8f0c0e8d54949948

  • SHA1

    ff9535613f977f6321a1eca20c50e97d23c83259

  • SHA256

    b4fbe906439597a3d05b94f3a7001069687e598cabc9a82e47d6c43046be10a5

  • SHA512

    27dd0344afe613f24147e08aa1208e0fbea2c6618a69a97e48b94a9f412b44273dfd268653dcaec7a83e7fdb10601b6c58ee90bc412601879308f69f7d5d2783

Score
10/10
webmonitorbackdoorinfostealerrat

Malware Config

Targets

    • Target

      JANUARY OVERDUE INVOICE.pdf.exe

    • Size

      1.5MB

    • MD5

      f7d79ec6a3bf524f8f0c0e8d54949948

    • SHA1

      ff9535613f977f6321a1eca20c50e97d23c83259

    • SHA256

      b4fbe906439597a3d05b94f3a7001069687e598cabc9a82e47d6c43046be10a5

    • SHA512

      27dd0344afe613f24147e08aa1208e0fbea2c6618a69a97e48b94a9f412b44273dfd268653dcaec7a83e7fdb10601b6c58ee90bc412601879308f69f7d5d2783

    Score
    10/10
    webmonitorbackdoorinfostealerrat

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks