Overview

overview

10

Static

static

250644fc77...bd.exe

windows7_x64

10

250644fc77...bd.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    250644fc77d95c6dcaef531b0f351f5ce33bbfbd

  • Size

    1.8MB

  • Sample

    210729-x31ybvym2s

  • MD5

    a3a62c034f2eb97d3673d2a608073f7e

  • SHA1

    250644fc77d95c6dcaef531b0f351f5ce33bbfbd

  • SHA256

    167f23bd6318e7e1bbe296639468d866b2b457410daab0e6b941dac6bcc4563f

  • SHA512

    16c0b478ea9f1fcdeb9c13af022ac0f18879798eb7715aabd93446630dd0b9e3e9c3c1e31114657623c9c932502b99f41c1f3c52ede0306311f729810366ed71

Score
10/10
webmonitorbackdoorinfostealerratsuricata

Malware Config

Targets

    • Target

      250644fc77d95c6dcaef531b0f351f5ce33bbfbd

    • Size

      1.8MB

    • MD5

      a3a62c034f2eb97d3673d2a608073f7e

    • SHA1

      250644fc77d95c6dcaef531b0f351f5ce33bbfbd

    • SHA256

      167f23bd6318e7e1bbe296639468d866b2b457410daab0e6b941dac6bcc4563f

    • SHA512

      16c0b478ea9f1fcdeb9c13af022ac0f18879798eb7715aabd93446630dd0b9e3e9c3c1e31114657623c9c932502b99f41c1f3c52ede0306311f729810366ed71

    Score
    10/10
    webmonitorbackdoorinfostealerratsuricata

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

      suricata

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks