webmonitor | 23b85462863143f527065ecde8e2bcbc15c649006af98ec57e1ea44b22fdf291 | Triage

Submit
Reports

Overview

overview

Static

static

23b8546286...91.exe

windows7_x64

23b8546286...91.exe

windows10-2004_x64

Sharing

General

Target

23b85462863143f527065ecde8e2bcbc15c649006af98ec57e1ea44b22fdf291
Size

1.6MB
Sample

220319-s9rbysdbb9
MD5

4ad2d9ba4a521a8b2b384ffdc05bb11b
SHA1

78090aae744b92d4064f144fd934e1dc217f4f97
SHA256

23b85462863143f527065ecde8e2bcbc15c649006af98ec57e1ea44b22fdf291
SHA512

90058d6792525d885f3dd20dc09ff06c5043106897c886d15eb794023e254734aa23220e74a028ec97755e18db8a4b1c259413b9cc6059848e078726846d0412

Score

10^/10

webmonitor backdoor infostealer rat upx

Static task

static1

Behavioral task

behavioral1

Sample

23b85462863143f527065ecde8e2bcbc15c649006af98ec57e1ea44b22fdf291.exe

Resource

win7-20220311-en

webmonitor backdoor infostealer rat upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

23b85462863143f527065ecde8e2bcbc15c649006af98ec57e1ea44b22fdf291.exe

Resource

win10v2004-en-20220113

webmonitor backdoor infostealer rat upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  23b85462863143f527065ecde8e2bcbc15c649006af98ec57e1ea44b22fdf291
- Size
  
  1.6MB
- MD5
  
  4ad2d9ba4a521a8b2b384ffdc05bb11b
- SHA1
  
  78090aae744b92d4064f144fd934e1dc217f4f97
- SHA256
  
  23b85462863143f527065ecde8e2bcbc15c649006af98ec57e1ea44b22fdf291
- SHA512
  
  90058d6792525d885f3dd20dc09ff06c5043106897c886d15eb794023e254734aa23220e74a028ec97755e18db8a4b1c259413b9cc6059848e078726846d0412
Score

10^/10

webmonitor backdoor infostealer rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor Payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerratupx

behavioral2

webmonitorbackdoorinfostealerratupx

© 2018-2024

Terms | Privacy