Overview

overview

10

Static

static

PREVIOUS C...df.exe

windows7_x64

10

PREVIOUS C...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PREVIOUS CONVERSATION.pdf.exe

  • Size

    2.2MB

  • Sample

    211206-ndqckaggb4

  • MD5

    28241aafe5b6018c984e310c33e9e48b

  • SHA1

    d126c0cf51a98d9f3bd38efa6e61d4091104c624

  • SHA256

    9e6563c2c5e8a869bfdbf4ff1336bf2abcd238695d87f79a01b308216acc9cb5

  • SHA512

    730ae328d0cc82be717d24130073d8a3d0ec8e3b118e88dcb2b13071499c2efa03cf98905be68b2bc041a3245d792a113403272f67052963f3c4baeae15d0c98

Score
10/10
webmonitorbackdoorinfostealerrat

Malware Config

Extracted

Family

webmonitor

C2

niiarmah.wm01.to:443

Attributes
  • config_key

    4EcDHH7aWbl50LayUnuRlJWUXiKQWk0O

  • private_key

    yvkn5wM8E

  • url_path

    /recv5.php

Targets

    • Target

      PREVIOUS CONVERSATION.pdf.exe

    • Size

      2.2MB

    • MD5

      28241aafe5b6018c984e310c33e9e48b

    • SHA1

      d126c0cf51a98d9f3bd38efa6e61d4091104c624

    • SHA256

      9e6563c2c5e8a869bfdbf4ff1336bf2abcd238695d87f79a01b308216acc9cb5

    • SHA512

      730ae328d0cc82be717d24130073d8a3d0ec8e3b118e88dcb2b13071499c2efa03cf98905be68b2bc041a3245d792a113403272f67052963f3c4baeae15d0c98

    Score
    10/10
    webmonitorbackdoorinfostealerrat

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks