Overview

overview

10

Static

static

DHL_PACKAG...df.exe

windows7_x64

10

DHL_PACKAG...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL_PACKAGE_HD98232.pdf.001

  • Size

    1.1MB

  • Sample

    210708-7ez774m5w2

  • MD5

    b97ef142d18371524053f1f302b2f195

  • SHA1

    d08898414e78ddc5e1cb5217efa28a012652ea53

  • SHA256

    5777f5810423f9e0bc678ef97b0fef98a843d7e90e4257819850c0ef12ac8055

  • SHA512

    b18226cb8c6f6ede08edf4d30c3b7b896acb8e49fc9d83549fc354acf68ad5181ff6d822cbd88e02f834623a0ef292d72e08961ec133325d5cd9f2f34e3d8a32

Score
10/10
webmonitorbackdoorinfostealerpersistencerat

Malware Config

Targets

    • Target

      DHL_PACKAGE_HD98232.pdf.exe

    • Size

      1.3MB

    • MD5

      0e72b26fbd7f27c2753c02193337c280

    • SHA1

      fc000dd71eeace99e08c54e6a8ec6d578c80ed20

    • SHA256

      6095dd10965d4e081e87c366736e0305b7d42f84dbdb10471bcedacfe145f7a5

    • SHA512

      0f222aef8358f3a712871316eb9aa1c24efc36c90396701c4cbae558a3e52bab6c6acedd2a21555e914204fab47f30b586a6322a81fa925042c05eda4ec34950

    Score
    10/10
    webmonitorbackdoorinfostealerpersistencerat

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks