Overview

overview

10

Static

static

Banking_co...73.exe

windows7_x64

10

Banking_co...73.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Banking_cordinates_928273.exe

  • Size

    1.9MB

  • Sample

    210809-694xn61wnj

  • MD5

    fac4b5a9c4f10517f44d4ae172f6473c

  • SHA1

    2304b22499e60fa87ea5f9d3fee5f6d9ecacf9ee

  • SHA256

    d6593053bda046cd96e0e5e508e0f57622c464738838b84984e35e683d46c414

  • SHA512

    6b8dc4430f6068eaac9d27e4f322d1ae921f56b9940e266ba44ed791917c37b14bb9cb1ea3b861da36d9efe44af7acf75264e19d60a5fb1e89deabd1afa1bdbc

Score
10/10
webmonitorbackdoorinfostealerpersistenceratsuricata

Malware Config

Targets

    • Target

      Banking_cordinates_928273.exe

    • Size

      1.9MB

    • MD5

      fac4b5a9c4f10517f44d4ae172f6473c

    • SHA1

      2304b22499e60fa87ea5f9d3fee5f6d9ecacf9ee

    • SHA256

      d6593053bda046cd96e0e5e508e0f57622c464738838b84984e35e683d46c414

    • SHA512

      6b8dc4430f6068eaac9d27e4f322d1ae921f56b9940e266ba44ed791917c37b14bb9cb1ea3b861da36d9efe44af7acf75264e19d60a5fb1e89deabd1afa1bdbc

    Score
    10/10
    webmonitorbackdoorinfostealerpersistenceratsuricata

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

      suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

      suricata

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks