General

  • Target

    BjHM6PDDCwG9GvC.exe

  • Size

    1.3MB

  • Sample

    210525-jajkyd35kx

  • MD5

    58753a65f6bcaf7b06217d456bd3fa1a

  • SHA1

    5031df39b31c8ceb0ad15e80156a2349c2fd5ade

  • SHA256

    d4511fa399217b186b74d425d5a0857ae7fe394c9993d76f79beccf2ecea92e2

  • SHA512

    47ba296df03054cf97a865d24de2ec87e20c9865963cdafa4eee86736e1af1003463d2b0623467d70756d286f9917d31a4a2deb9d0d8c28e7ed345f0b015fd35

Malware Config

Targets

    • Target

      BjHM6PDDCwG9GvC.exe

    • Size

      1.3MB

    • MD5

      58753a65f6bcaf7b06217d456bd3fa1a

    • SHA1

      5031df39b31c8ceb0ad15e80156a2349c2fd5ade

    • SHA256

      d4511fa399217b186b74d425d5a0857ae7fe394c9993d76f79beccf2ecea92e2

    • SHA512

      47ba296df03054cf97a865d24de2ec87e20c9865963cdafa4eee86736e1af1003463d2b0623467d70756d286f9917d31a4a2deb9d0d8c28e7ed345f0b015fd35

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

    • WebMonitor Payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks