webmonitor | 2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596 | Triage

Submit
Reports

Overview

overview

Static

static

2737ad9cc9...96.exe

windows7_x64

2737ad9cc9...96.exe

windows10-2004_x64

Sharing

General

Target

2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596
Size

298KB
Sample

220419-p2yvaacef9
MD5

d624b833b5852fee03fa71b1f0188b91
SHA1

e849bf579e9e27b75478f544f9c760fee46d30d7
SHA256

2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596
SHA512

847d1bac3f055cb481879ae54357501a4858160f1c1b2c8fdfe540b7fd63d056171865a8a28e213f24de646b0489776dc1fb5b4cf604b5c5257703e213aa5e6d

Score

10^/10

webmonitor backdoor infostealer persistence rat upx

Static task

static1

Behavioral task

behavioral1

Sample

2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596.exe

Resource

win7-20220414-en

webmonitor backdoor infostealer persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596.exe

Resource

win10v2004-20220414-en

webmonitor backdoor infostealer persistence rat

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

webmonitor

C2

fay007.wm01.to:443

Attributes

config_key
LBQfJrFgUVHmlbfJUp1Fbu4mGo2YJ0rG
private_key
BghO9pIGP
url_path
/recv4.php

Targets

- Target
  
  2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596
- Size
  
  298KB
- MD5
  
  d624b833b5852fee03fa71b1f0188b91
- SHA1
  
  e849bf579e9e27b75478f544f9c760fee46d30d7
- SHA256
  
  2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596
- SHA512
  
  847d1bac3f055cb481879ae54357501a4858160f1c1b2c8fdfe540b7fd63d056171865a8a28e213f24de646b0489776dc1fb5b4cf604b5c5257703e213aa5e6d
Score

10^/10

webmonitor backdoor infostealer persistence rat
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerpersistencerat

behavioral2

webmonitorbackdoorinfostealerpersistencerat

© 2018-2024

Terms | Privacy