Overview

overview

10

Static

static

8oWCLvjJR6...in.exe

windows7_x64

10

8oWCLvjJR6...in.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8oWCLvjJR6h_VWhYqDMu0m7doFLll8Z6eDF1PDduAbQ.bin

  • Size

    515KB

  • Sample

    210617-15mkjrk87e

  • MD5

    c34157e025416d3ddf0a8610fa2e8b98

  • SHA1

    03005c0c1469b7dbe9eff095bfd3ecbc3a713811

  • SHA256

    f285822ef8c947a87e556858a8332ed26edda052e597c67a7831753c376e01b4

  • SHA512

    16de23d61d7dad4f239980ac02aa765be38bc42647c63ede13441a73c002bd0b91a4681159cca9170f41fa003a7725926b61c09a124fec700028de7c425679cd

Score
10/10
webmonitorbackdoorinfostealerpersistenceratupx

Malware Config

Targets

    • Target

      8oWCLvjJR6h_VWhYqDMu0m7doFLll8Z6eDF1PDduAbQ.bin

    • Size

      515KB

    • MD5

      c34157e025416d3ddf0a8610fa2e8b98

    • SHA1

      03005c0c1469b7dbe9eff095bfd3ecbc3a713811

    • SHA256

      f285822ef8c947a87e556858a8332ed26edda052e597c67a7831753c376e01b4

    • SHA512

      16de23d61d7dad4f239980ac02aa765be38bc42647c63ede13441a73c002bd0b91a4681159cca9170f41fa003a7725926b61c09a124fec700028de7c425679cd

    Score
    10/10
    webmonitorbackdoorinfostealerpersistenceratupx

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks