Overview

overview

10

Static

static

BANKING_DETAILS..exe

windows7_x64

10

BANKING_DETAILS..exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BANKING_DETAILS..exe

  • Size

    1.6MB

  • Sample

    210714-fl64kxdfx2

  • MD5

    2d29230b77724882289e74bb9e69b95d

  • SHA1

    4be47bbd5110c38b3312ab232570051f6335b65b

  • SHA256

    84d9088f856e12f998ce324510f185b9e6939c8d1cb2cdb46eb9b38baf879619

  • SHA512

    eba2141dc9f1d40cfd60efb861f01d7dcf3e45fe17858e1a336c8a618e88ba4c077a73bd9374f7102d681adc98ebb43279dd13eb0974f272eac90bcfbe2f1a70

Score
10/10
webmonitorbackdoorinfostealerpersistencerat

Malware Config

Targets

    • Target

      BANKING_DETAILS..exe

    • Size

      1.6MB

    • MD5

      2d29230b77724882289e74bb9e69b95d

    • SHA1

      4be47bbd5110c38b3312ab232570051f6335b65b

    • SHA256

      84d9088f856e12f998ce324510f185b9e6939c8d1cb2cdb46eb9b38baf879619

    • SHA512

      eba2141dc9f1d40cfd60efb861f01d7dcf3e45fe17858e1a336c8a618e88ba4c077a73bd9374f7102d681adc98ebb43279dd13eb0974f272eac90bcfbe2f1a70

    Score
    10/10
    webmonitorbackdoorinfostealerpersistencerat

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks