Overview

overview

10

Static

static

BANK DETAILS.pdf.exe

windows7_x64

10

BANK DETAILS.pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BANK DETAILS.pdf.exe

  • Size

    1.2MB

  • Sample

    210701-xgpwjnvva2

  • MD5

    d168a301aeea42495bfa790ed012223b

  • SHA1

    aa6ace276b374e41a5ec7ad7bd6cf09722756027

  • SHA256

    15003064a4b6d326954815712d6468af76d413335470092fbd820b02745d3e02

  • SHA512

    4e573a7340ee262aead7b9e683e6cf30aa8e03ba2a47ff6ba3d6121698e834172593100da2c05c728f7c87f2e231da4b76979c042278c7f88cf094825ae67c5b

Score
10/10
webmonitorbackdoorinfostealerpersistencerat

Malware Config

Targets

    • Target

      BANK DETAILS.pdf.exe

    • Size

      1.2MB

    • MD5

      d168a301aeea42495bfa790ed012223b

    • SHA1

      aa6ace276b374e41a5ec7ad7bd6cf09722756027

    • SHA256

      15003064a4b6d326954815712d6468af76d413335470092fbd820b02745d3e02

    • SHA512

      4e573a7340ee262aead7b9e683e6cf30aa8e03ba2a47ff6ba3d6121698e834172593100da2c05c728f7c87f2e231da4b76979c042278c7f88cf094825ae67c5b

    Score
    10/10
    webmonitorbackdoorinfostealerpersistencerat

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks