Overview

overview

10

Static

static

Goods240521.exe

windows7_x64

10

Goods240521.exe

windows10_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Goods240521.exe

  • Size

    1.4MB

  • Sample

    210524-2f7c5a65g2

  • MD5

    13521ca08216f7aaa0541a2ad77aeb2f

  • SHA1

    3bb4bde4b535a15fc5d9bde3640f7243607efd96

  • SHA256

    a1492c16ac7f3a351538573eb52ef614e19cd137d28672d8117eead8da570660

  • SHA512

    0bd4357f46acc5944e699b1d1dfa9dd027bd9d7833be14dbabc626c9e7b7a2875455789a0b87f953d2a669dacf8040b1d8834b5f2923265de515389a2cb18a2c

Score
10/10
webmonitorbackdoorinfostealerpersistencerat

Malware Config

Targets

    • Target

      Goods240521.exe

    • Size

      1.4MB

    • MD5

      13521ca08216f7aaa0541a2ad77aeb2f

    • SHA1

      3bb4bde4b535a15fc5d9bde3640f7243607efd96

    • SHA256

      a1492c16ac7f3a351538573eb52ef614e19cd137d28672d8117eead8da570660

    • SHA512

      0bd4357f46acc5944e699b1d1dfa9dd027bd9d7833be14dbabc626c9e7b7a2875455789a0b87f953d2a669dacf8040b1d8834b5f2923265de515389a2cb18a2c

    Score
    10/10
    webmonitorbackdoorinfostealerpersistencerat

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks