webmonitor | 0b41b1f1d338b4b082a88a385334d4cc85b6b7ef582bf15c5bd104839f195348 | Triage

Submit
Reports

Overview

overview

Static

static

0b41b1f1d3...48.exe

windows7_x64

0b41b1f1d3...48.exe

windows10_x64

Sharing

General

Target

0b41b1f1d338b4b082a88a385334d4cc85b6b7ef582bf15c5bd104839f195348
Size

1.6MB
Sample

210515-dxn7hbw622
MD5

727c2d4c6016849316ae589295508acc
SHA1

9782d9c356d7c7f83a92daf941cd0e34b2301e32
SHA256

0b41b1f1d338b4b082a88a385334d4cc85b6b7ef582bf15c5bd104839f195348
SHA512

cf083b91c210cc43006410648d096519cc45f6d2db40f2980f4b2816784ddfa8cf2b40b5eec277e0986cd192d3285806293d17ffd944d3376e9fa6798324bab8

Score

10^/10

webmonitor backdoor infostealer persistence rat upx

Static task

static1

Behavioral task

behavioral1

Sample

0b41b1f1d338b4b082a88a385334d4cc85b6b7ef582bf15c5bd104839f195348.exe

Resource

win7v20210408

webmonitor backdoor infostealer persistence rat upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0b41b1f1d338b4b082a88a385334d4cc85b6b7ef582bf15c5bd104839f195348.exe

Resource

win10v20210410

webmonitor backdoor infostealer persistence rat upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0b41b1f1d338b4b082a88a385334d4cc85b6b7ef582bf15c5bd104839f195348
- Size
  
  1.6MB
- MD5
  
  727c2d4c6016849316ae589295508acc
- SHA1
  
  9782d9c356d7c7f83a92daf941cd0e34b2301e32
- SHA256
  
  0b41b1f1d338b4b082a88a385334d4cc85b6b7ef582bf15c5bd104839f195348
- SHA512
  
  cf083b91c210cc43006410648d096519cc45f6d2db40f2980f4b2816784ddfa8cf2b40b5eec277e0986cd192d3285806293d17ffd944d3376e9fa6798324bab8
Score

10^/10

webmonitor backdoor infostealer persistence rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerpersistenceratupx

behavioral2

webmonitorbackdoorinfostealerpersistenceratupx

© 2018-2024

Terms | Privacy