Overview

overview

10

Static

static

MATCH_OUTS...LL.exe

windows7_x64

10

MATCH_OUTS...LL.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MATCH_OUTSTANDING_BILL.exe

  • Size

    1.3MB

  • Sample

    210621-p9d6tlbc4s

  • MD5

    bd35dd1bc38521c4feb42f5ca266900c

  • SHA1

    72ff48fbd0d0db7ee83e90edee6d90eee6719a57

  • SHA256

    968cf1954069babdf367259271ba34fc1e149a18255c45fc8138d0da2b3dd413

  • SHA512

    06aa1b4ad24c9ccfab98cc71c4ee6c88e4e4375b8641f738eebbeb0c8c67719f7596de47935597f894a36934b1cb6364c9ffbb6910ddea6e92182ddae4959ab1

Score
10/10
webmonitorbackdoorinfostealerpersistencerat

Malware Config

Targets

    • Target

      MATCH_OUTSTANDING_BILL.exe

    • Size

      1.3MB

    • MD5

      bd35dd1bc38521c4feb42f5ca266900c

    • SHA1

      72ff48fbd0d0db7ee83e90edee6d90eee6719a57

    • SHA256

      968cf1954069babdf367259271ba34fc1e149a18255c45fc8138d0da2b3dd413

    • SHA512

      06aa1b4ad24c9ccfab98cc71c4ee6c88e4e4375b8641f738eebbeb0c8c67719f7596de47935597f894a36934b1cb6364c9ffbb6910ddea6e92182ddae4959ab1

    Score
    10/10
    webmonitorbackdoorinfostealerpersistencerat

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks