Overview

overview

10

Static

static

ApowerREC.exe

windows10_x64

10

Resubmissions

23-09-2021 13:59

210923-ractvaefc5 8

22-08-2021 12:44

210822-vqqzsf2ch6 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ApowerREC SAMPLE.zip

  • Size

    8.5MB

  • Sample

    210822-vqqzsf2ch6

  • MD5

    3a0c5fecda65655e852f8756a0e708ff

  • SHA1

    cf585a4a8cc299f0ffc2076d736bc6295283eb44

  • SHA256

    1f19a803e4e003dc2ddb14183beb84fce2169dc84b67811bf002e83a3bfe2329

  • SHA512

    456e76fab8177bde0009a15e633dc740bf5394e5ce77de746c056e3cb088162f81bb910eb21706cd3903d3b4f3e59923fbbf3ff1d31bc4074a1ec666e4f176d3

Score
10/10
webmonitorbackdoorinfostealerpersistenceratupx

Malware Config

Targets

    • Target

      ApowerREC.exe

    • Size

      8.9MB

    • MD5

      810be064429970190268a24af354a2f1

    • SHA1

      f5e17599a9c30a9eada1dcb276b888bdeffd037d

    • SHA256

      7edf30b359be3f27c9e7313352bc2d4cccb0e36010b34633646ea4823a70a82b

    • SHA512

      d385f16cb89fff66926770768d34686963dededf2fe47cb3889fc1ab9ae791c9067b76d78d0f5b58f2a29d9bdb2e709a672d560c97cf34e1834230b322c157b0

    Score
    10/10
    webmonitorbackdoorinfostealerpersistenceratupx

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks