webmonitor | 8bf574fdef05c875c39d97b0e8adcb166b9c34679e0d2e20c91f4aff176d75b6 | Triage

Submit
Reports

Overview

overview

Static

static

HSBC_PAYME...df.exe

windows7_x64

HSBC_PAYME...df.exe

windows10_x64

Sharing

General

Target

HSBC_PAYMENT_COPY.pdf.zip
Size

1.2MB
Sample

210806-3w49mtw7he
MD5

66398d27801b947baded857a3a6ce4bb
SHA1

af6271527447ab7ee3cb5bf15a0959ab8e158cf6
SHA256

8bf574fdef05c875c39d97b0e8adcb166b9c34679e0d2e20c91f4aff176d75b6
SHA512

5a7a34681cc3aae5f41c73fd900c4bb31a1f84fc7a7c4692030a07effea8e539dd854c856dbf131e895c8f0243b423fd7fec6fc6218909b69130a6909096df39

Score

10^/10

webmonitor backdoor infostealer persistence rat suricata

Static task

static1

Behavioral task

behavioral1

Sample

HSBC_PAYMENT_COPY.pdf.exe

Resource

win7v20210410

webmonitor backdoor infostealer persistence rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

HSBC_PAYMENT_COPY.pdf.exe

Resource

win10v20210408

webmonitor backdoor infostealer rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  HSBC_PAYMENT_COPY.pdf.exe
- Size
  
  1.4MB
- MD5
  
  08f2609e7f7daf0f78032f773a68b72c
- SHA1
  
  f00e4c61cce15ee5f43c032d8d595aba65fbdc86
- SHA256
  
  0ed8f93b98f9cfff89559df9e0a8d360cab3dde1abfa2992216b4a98c5ca1253
- SHA512
  
  8c1ba503d2956ad0c60b11547908b81e601a3bfb2c75ae73c03718bd883ff94451b0697f915049614470d59388d161c02893ad90b48466f77fc154a20215da74
Score

10^/10

webmonitor backdoor infostealer persistence rat suricata
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor Payload
- suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
  suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
  suricata
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerpersistenceratsuricata

behavioral2

webmonitorbackdoorinfostealerrat

© 2018-2024

Terms | Privacy