webmonitor | 98c04d9dbe5fcb2d920502beeb6dd342459d0d2ee48ad06402d538c8cdeb806a | Triage

Submit
Reports

Overview

overview

Static

static

98c04d9dbe...6a.exe

windows7_x64

98c04d9dbe...6a.exe

windows10-2004_x64

1

Sharing

General

Target

98c04d9dbe5fcb2d920502beeb6dd342459d0d2ee48ad06402d538c8cdeb806a
Size

1.6MB
Sample

220319-vm4d4seec4
MD5

a8004453810b0b62da1aa007091ce3e2
SHA1

d8eab7301e6ac2ac9a24f6395e4024e04e15697d
SHA256

98c04d9dbe5fcb2d920502beeb6dd342459d0d2ee48ad06402d538c8cdeb806a
SHA512

c6cb7c15b0b0b17d383853e072dd77ca7bd32d2698add1d5277ebb144cc4c0bc60164723e63c9e768129059b160ff7f7a7bf3d33eecf4fdd5ab4362272ec4ae6

Score

10^/10

webmonitor backdoor evasion infostealer rat upx

Static task

static1

Behavioral task

behavioral1

Sample

98c04d9dbe5fcb2d920502beeb6dd342459d0d2ee48ad06402d538c8cdeb806a.exe

Resource

win7-20220311-en

webmonitor backdoor evasion infostealer rat upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

98c04d9dbe5fcb2d920502beeb6dd342459d0d2ee48ad06402d538c8cdeb806a.exe

Resource

win10v2004-20220310-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  98c04d9dbe5fcb2d920502beeb6dd342459d0d2ee48ad06402d538c8cdeb806a
- Size
  
  1.6MB
- MD5
  
  a8004453810b0b62da1aa007091ce3e2
- SHA1
  
  d8eab7301e6ac2ac9a24f6395e4024e04e15697d
- SHA256
  
  98c04d9dbe5fcb2d920502beeb6dd342459d0d2ee48ad06402d538c8cdeb806a
- SHA512
  
  c6cb7c15b0b0b17d383853e072dd77ca7bd32d2698add1d5277ebb144cc4c0bc60164723e63c9e768129059b160ff7f7a7bf3d33eecf4fdd5ab4362272ec4ae6
Score

10^/10

webmonitor backdoor evasion infostealer rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor Payload
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

webmonitorbackdoorevasioninfostealerratupx

behavioral2

© 2018-2024

Terms | Privacy