Overview

overview

10

Static

static

BjHM6PDDCwG9GvC.exe

windows7_x64

9

BjHM6PDDCwG9GvC.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BjHM6PDDCwG9GvC.exe

  • Size

    1.3MB

  • Sample

    210525-jajkyd35kx

  • MD5

    58753a65f6bcaf7b06217d456bd3fa1a

  • SHA1

    5031df39b31c8ceb0ad15e80156a2349c2fd5ade

  • SHA256

    d4511fa399217b186b74d425d5a0857ae7fe394c9993d76f79beccf2ecea92e2

  • SHA512

    47ba296df03054cf97a865d24de2ec87e20c9865963cdafa4eee86736e1af1003463d2b0623467d70756d286f9917d31a4a2deb9d0d8c28e7ed345f0b015fd35

Score
10/10
webmonitorbackdoorinfostealerrat

Malware Config

Targets

    • Target

      BjHM6PDDCwG9GvC.exe

    • Size

      1.3MB

    • MD5

      58753a65f6bcaf7b06217d456bd3fa1a

    • SHA1

      5031df39b31c8ceb0ad15e80156a2349c2fd5ade

    • SHA256

      d4511fa399217b186b74d425d5a0857ae7fe394c9993d76f79beccf2ecea92e2

    • SHA512

      47ba296df03054cf97a865d24de2ec87e20c9865963cdafa4eee86736e1af1003463d2b0623467d70756d286f9917d31a4a2deb9d0d8c28e7ed345f0b015fd35

    Score
    10/10
    webmonitorbackdoorinfostealerrat

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks