Overview

overview

10

Static

static

HSBC_PAYME...df.exe

windows7_x64

10

HSBC_PAYME...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HSBC_PAYMENT_COPY.pdf.zip

  • Size

    1.2MB

  • Sample

    210806-3w49mtw7he

  • MD5

    66398d27801b947baded857a3a6ce4bb

  • SHA1

    af6271527447ab7ee3cb5bf15a0959ab8e158cf6

  • SHA256

    8bf574fdef05c875c39d97b0e8adcb166b9c34679e0d2e20c91f4aff176d75b6

  • SHA512

    5a7a34681cc3aae5f41c73fd900c4bb31a1f84fc7a7c4692030a07effea8e539dd854c856dbf131e895c8f0243b423fd7fec6fc6218909b69130a6909096df39

Score
10/10
webmonitorbackdoorinfostealerpersistenceratsuricata

Malware Config

Targets

    • Target

      HSBC_PAYMENT_COPY.pdf.exe

    • Size

      1.4MB

    • MD5

      08f2609e7f7daf0f78032f773a68b72c

    • SHA1

      f00e4c61cce15ee5f43c032d8d595aba65fbdc86

    • SHA256

      0ed8f93b98f9cfff89559df9e0a8d360cab3dde1abfa2992216b4a98c5ca1253

    • SHA512

      8c1ba503d2956ad0c60b11547908b81e601a3bfb2c75ae73c03718bd883ff94451b0697f915049614470d59388d161c02893ad90b48466f77fc154a20215da74

    Score
    10/10
    webmonitorbackdoorinfostealerpersistenceratsuricata

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

      suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

      suricata

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks