Overview

overview

10

Static

static

DHL_PACKAG...df.exe

windows7_x64

10

DHL_PACKAG...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL_PACKAGE_HD98232.pdf.exe

  • Size

    1.3MB

  • Sample

    210708-5bxy4jk1gn

  • MD5

    0e72b26fbd7f27c2753c02193337c280

  • SHA1

    fc000dd71eeace99e08c54e6a8ec6d578c80ed20

  • SHA256

    6095dd10965d4e081e87c366736e0305b7d42f84dbdb10471bcedacfe145f7a5

  • SHA512

    0f222aef8358f3a712871316eb9aa1c24efc36c90396701c4cbae558a3e52bab6c6acedd2a21555e914204fab47f30b586a6322a81fa925042c05eda4ec34950

Score
10/10
webmonitorbackdoorinfostealerpersistencerat

Malware Config

Targets

    • Target

      DHL_PACKAGE_HD98232.pdf.exe

    • Size

      1.3MB

    • MD5

      0e72b26fbd7f27c2753c02193337c280

    • SHA1

      fc000dd71eeace99e08c54e6a8ec6d578c80ed20

    • SHA256

      6095dd10965d4e081e87c366736e0305b7d42f84dbdb10471bcedacfe145f7a5

    • SHA512

      0f222aef8358f3a712871316eb9aa1c24efc36c90396701c4cbae558a3e52bab6c6acedd2a21555e914204fab47f30b586a6322a81fa925042c05eda4ec34950

    Score
    10/10
    webmonitorbackdoorinfostealerpersistencerat

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks