Analysis

  • max time kernel: 150s
  • max time network: 149s
  • platform: windows7_x64
  • resource: win7v20210410
  • submitted: 13-05-2021 07:42

General

  • Target: 9c74a0a4fc11ce137d1eab69d51718b8c29a37c0827f6f85849b0982ac0cc4f1.exe
  • Size: 298KB
  • MD5: 03a158c82d5301bb70fb7b51839c168a
  • SHA1: 834cd0b6a80f4c424c765e40b7b782c4d13229ff
  • SHA256: 9c74a0a4fc11ce137d1eab69d51718b8c29a37c0827f6f85849b0982ac0cc4f1
  • SHA512: 2aea000c4a95db7fd6322864f48bdbe5ed53e5c3713ba03a8baa0c352a2b6bc75c2f81818b3062e07432200bee0d51c13b85e335fc926c2601975247423a44f4

Malware Config

Signatures

  • RevcodeRat, WebMonitorRat

    WebMonitor is a remote access tool that can be used from any browser to control and monitor phones or PCs.

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious behavior: RenamesItself (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c74a0a4fc11ce137d1eab69d51718b8c29a37c0827f6f85849b0982ac0cc4f1.exe (PID: 2000)
    Command line: "C:\Users\Admin\AppData\Local\Temp\9c74a0a4fc11ce137d1eab69d51718b8c29a37c0827f6f85849b0982ac0cc4f1.exe"
    • Adds Run key to start application
    • Suspicious behavior: RenamesItself

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (T1060), 1 hit
  • Defense Evasion: Modify Registry (T1112), 1 hit


Downloads

  • memory/2000-59-0x00000000765F1000-0x00000000765F3000-memory.dmp (Filesize: 8KB)