webmonitor | 018854e265b335fe5e9f18c5672403194a8ec7205b0567bc0652fb3f415b8ea8 | Triage

Submit
Reports

Overview

overview

Static

static

018854e265...a8.exe

windows7_x64

018854e265...a8.exe

windows10-2004_x64

Sharing

General

Target

018854e265b335fe5e9f18c5672403194a8ec7205b0567bc0652fb3f415b8ea8
Size

660KB
Sample

220523-xyqy9scgh8
MD5

ca45b0ed9b7c08d5d4dd574aba5a7d0d
SHA1

5e6560732977f4d1fe113c169325a29fceaedff5
SHA256

018854e265b335fe5e9f18c5672403194a8ec7205b0567bc0652fb3f415b8ea8
SHA512

e1939eb2ffafb5fc9929fb9b6696430562b67e68c8ae7613de07e9aba0c4918aade6ab1ddabb812cf419028ac785b4353707fbac68f232f60be813ff956c56dd

Score

10^/10

webmonitor backdoor infostealer rat suricata upx

Static task

static1

Behavioral task

behavioral1

Sample

018854e265b335fe5e9f18c5672403194a8ec7205b0567bc0652fb3f415b8ea8.exe

Resource

win7-20220414-en

webmonitor backdoor infostealer rat suricata upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

018854e265b335fe5e9f18c5672403194a8ec7205b0567bc0652fb3f415b8ea8.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

webmonitor

C2

irvingl.wm01.to:443

Attributes

config_key
YuqeS5by2ufBLEJpyKzIQI11b9BK1C9y
private_key
AYZWTd6Xn
url_path
/recv4.php

Targets

- Target
  
  018854e265b335fe5e9f18c5672403194a8ec7205b0567bc0652fb3f415b8ea8
- Size
  
  660KB
- MD5
  
  ca45b0ed9b7c08d5d4dd574aba5a7d0d
- SHA1
  
  5e6560732977f4d1fe113c169325a29fceaedff5
- SHA256
  
  018854e265b335fe5e9f18c5672403194a8ec7205b0567bc0652fb3f415b8ea8
- SHA512
  
  e1939eb2ffafb5fc9929fb9b6696430562b67e68c8ae7613de07e9aba0c4918aade6ab1ddabb812cf419028ac785b4353707fbac68f232f60be813ff956c56dd
Score

10^/10

webmonitor backdoor infostealer rat suricata upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor Payload
- suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
  suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
  suricata
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerratsuricataupx

behavioral2

© 2018-2024

Terms | Privacy