Overview

overview

10

Static

static

FILE_2932NH_9923.exe

windows7_x64

10

FILE_2932NH_9923.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FILE_2932NH_9923.exe

  • Size

    1.9MB

  • Sample

    210721-2je3gknh7a

  • MD5

    1372b32848411ad39f19abe9d74b052f

  • SHA1

    b47548451a323c3ae62b25ee6b65f1fe76837639

  • SHA256

    7696274f6270b793b2dffc5b283a104be475d79b440500478780e24f6436fd5a

  • SHA512

    ed15a4855f25b2ff6a00c2e19c4def71aac1d27945d249dbb26718107dbe48a4c3176be1e07cd1f5de29b7d3aeffb2530fb89c70c0f1e9ba77dc0c9bd3396942

Score
10/10
webmonitorbackdoorinfostealerpersistencerat

Malware Config

Targets

    • Target

      FILE_2932NH_9923.exe

    • Size

      1.9MB

    • MD5

      1372b32848411ad39f19abe9d74b052f

    • SHA1

      b47548451a323c3ae62b25ee6b65f1fe76837639

    • SHA256

      7696274f6270b793b2dffc5b283a104be475d79b440500478780e24f6436fd5a

    • SHA512

      ed15a4855f25b2ff6a00c2e19c4def71aac1d27945d249dbb26718107dbe48a4c3176be1e07cd1f5de29b7d3aeffb2530fb89c70c0f1e9ba77dc0c9bd3396942

    Score
    10/10
    webmonitorbackdoorinfostealerpersistencerat

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks