Analysis
max time kernel: 149s
max time network: 154s
platform: windows7_x64
resource: win7-20220414-en
submitted: 19-04-2022 12:50
Static task: static1
Behavioral task: behavioral1
  Sample: 2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596.exe
  Resource: win10v2004-20220414-en
General
Target: 2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596.exe
Size: 298KB
MD5: d624b833b5852fee03fa71b1f0188b91
SHA1: e849bf579e9e27b75478f544f9c760fee46d30d7
SHA256: 2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596
SHA512: 847d1bac3f055cb481879ae54357501a4858160f1c1b2c8fdfe540b7fd63d056171865a8a28e213f24de646b0489776dc1fb5b4cf604b5c5257703e213aa5e6d
Malware Config
Signatures
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that can be used from any browser to control and monitor phones or PCs.
- Unexpected DNS network traffic destination (6 IoCs)
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
  description: Destination IP   ioc: 1.2.4.8
  description: Destination IP   ioc: 185.243.215.214
  description: Destination IP   ioc: 114.114.114.114
  description: Destination IP   ioc: 185.243.215.214
  description: Destination IP   ioc: 185.243.215.214
  description: Destination IP   ioc: 1.2.4.8
- Adds Run key to start application (2 TTPs, 1 IoCs)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run\WebMonitor-3033 = "C:\\Users\\Admin\\AppData\\Roaming\\WebMonitor-3033.exe"
  process: 2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596.exe
- Suspicious behavior: RenamesItself (1 IoCs)
  pid: 1708
  process: 2737ad9cc96e5de2eb6168b13797a46771b897ed3e2ebd5f1b68da0a8b065596.exe