Overview

overview

10

Static

static

Code.exe

windows7_x64

10

Code.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff264d7e1f11b7f9e9e01cb24a65c68a7414e4de91e6bcf178ba36ba106f7684

  • Size

    649KB

  • Sample

    220221-lajdqsggd4

  • MD5

    325d388e2625e047a3a51f00526a785c

  • SHA1

    e096409b36543891e9e3df7ab30829fe67b72856

  • SHA256

    ff264d7e1f11b7f9e9e01cb24a65c68a7414e4de91e6bcf178ba36ba106f7684

  • SHA512

    103ac0f6e8f037d317fba166d4d663e651b726e00493575c86e9a8a6f83c292ab89611d3e3f5f95dd1456699d95a23749276f707efd523336cd79901bd784080

Score
10/10
webmonitorbackdoorinfostealerpersistenceratupx

Malware Config

Extracted

Family

webmonitor

C2

ericpt.wm01.to:443

Attributes
  • config_key

    YmefzPZ4jwVJTOIYtP2HBKACzugd2Vme

  • private_key

    Bs4pqL3pA

  • url_path

    /recv5.php

Targets

    • Target

      Code.exe

    • Size

      1.1MB

    • MD5

      149fdf05fd2659a44f84b7bea4ef1a8e

    • SHA1

      84d65206243408b367ad0fd3234b8d26fc6e4314

    • SHA256

      2c2b9e423c5ae9ef99565d76a6d7d4b6d5e394f523539b447a633c803e9372a3

    • SHA512

      2d774b98d39c9571b6550c0de05c16991115199c639b5ca76b04477c420b4ade9c89b1c6c6eb4781012af36edb2dcaf3cc8c4d72c8c480d4e5472b4e8ab182d2

    Score
    10/10
    webmonitorbackdoorinfostealerpersistenceratupx

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks