General

  • Target

    250644fc77d95c6dcaef531b0f351f5ce33bbfbd

  • Size

    1.8MB

  • Sample

    210729-x31ybvym2s

  • MD5

    a3a62c034f2eb97d3673d2a608073f7e

  • SHA1

    250644fc77d95c6dcaef531b0f351f5ce33bbfbd

  • SHA256

    167f23bd6318e7e1bbe296639468d866b2b457410daab0e6b941dac6bcc4563f

  • SHA512

    16c0b478ea9f1fcdeb9c13af022ac0f18879798eb7715aabd93446630dd0b9e3e9c3c1e31114657623c9c932502b99f41c1f3c52ede0306311f729810366ed71

Malware Config

Targets

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that can be used from any browser to control and monitor phones or PCs.

    • WebMonitor Payload

    • suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053), 1 indicator

  • Persistence

    Scheduled Task (T1053), 1 indicator

  • Privilege Escalation

    Scheduled Task (T1053), 1 indicator

  • Discovery

    System Information Discovery (T1082), 1 indicator

Tasks