General

  • Target

    BANK DETAILS.pdf.exe

  • Size

    1.2MB

  • Sample

    210701-xgpwjnvva2

  • MD5

    d168a301aeea42495bfa790ed012223b

  • SHA1

    aa6ace276b374e41a5ec7ad7bd6cf09722756027

  • SHA256

    15003064a4b6d326954815712d6468af76d413335470092fbd820b02745d3e02

  • SHA512

    4e573a7340ee262aead7b9e683e6cf30aa8e03ba2a47ff6ba3d6121698e834172593100da2c05c728f7c87f2e231da4b76979c042278c7f88cf094825ae67c5b

Malware Config

Targets

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that can be used from any browser to control and monitor phones or PCs.

    • WebMonitor Payload

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task (T1053): 1

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • System Information Discovery (T1082): 1

Tasks