Analysis

  • max time kernel
    151s
  • max time network
    183s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    15-05-2021 18:20

General

  • Target

    040c45babc21c9d265f313350132ea4b6fda7765e6ff41a953624abbd418b32a.exe

  • Size

    746KB

  • MD5

    3dfd779873c3aa2e48ca25add371d73e

  • SHA1

    487e18f213332a8f92e8b1ab2449f35eec66931c

  • SHA256

    040c45babc21c9d265f313350132ea4b6fda7765e6ff41a953624abbd418b32a

  • SHA512

    fabb550f212b162a709d44ce39c23c4fbf7c5da264cdd49eccbb5752a773b04cf085ab210b8ebd01f8da762401f322e42dc4f5799beaa477f9620226a1997e8e

Malware Config

Signatures

  • RevcodeRat, WebMonitorRat

    WebMonitor is a remote access tool that can be used from any browser to control and monitor phones or PCs.

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious behavior: RenamesItself (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\040c45babc21c9d265f313350132ea4b6fda7765e6ff41a953624abbd418b32a.exe
    "C:\Users\Admin\AppData\Local\Temp\040c45babc21c9d265f313350132ea4b6fda7765e6ff41a953624abbd418b32a.exe"
    • Adds Run key to start application
    • Suspicious behavior: RenamesItself
    PID:1924

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence
    Registry Run Keys / Startup Folder (1): T1060
  • Defense Evasion
    Modify Registry (1): T1112

Downloads

  • memory/1924-60-0x0000000076691000-0x0000000076693000-memory.dmp
    Filesize: 8KB