webmonitor | e510da3919bd636fcc0b09a3f00355175b660761fe0481809a8cef06d305f553 | Triage

Submit
Reports

Overview

overview

Static

static

e510da3919...53.exe

windows7_x64

e510da3919...53.exe

windows10-2004_x64

7

Sharing

General

Target

e510da3919bd636fcc0b09a3f00355175b660761fe0481809a8cef06d305f553
Size

365KB
Sample

220524-t6882ahgg4
MD5

7bb890fdf757f2dca62acdfb2bb26ff9
SHA1

7fba93d7d5fe0250e736675a7ce85c6129341de6
SHA256

e510da3919bd636fcc0b09a3f00355175b660761fe0481809a8cef06d305f553
SHA512

6021fab5a5ff2d10df93173c3fbfbbe64bed1bc15bcf3958c5bc152eb3fcd7b1fde7baac97cd52a1cb5cd75bbb94d6f09bb6dcc8bb694e048d3c95eff32048bb

Score

10^/10

webmonitor backdoor infostealer persistence rat suricata upx

Static task

static1

Behavioral task

behavioral1

Sample

e510da3919bd636fcc0b09a3f00355175b660761fe0481809a8cef06d305f553.exe

Resource

win7-20220414-en

webmonitor backdoor infostealer persistence rat suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e510da3919bd636fcc0b09a3f00355175b660761fe0481809a8cef06d305f553.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

webmonitor

C2

windowsupdate.wm01.to:443

Attributes

config_key
wZ6IsN5IRQCrkMvW3mZxQ6qbw1Dn0lor
private_key
TwtUbBqhf
url_path
/recv5.php

Targets

- Target
  
  e510da3919bd636fcc0b09a3f00355175b660761fe0481809a8cef06d305f553
- Size
  
  365KB
- MD5
  
  7bb890fdf757f2dca62acdfb2bb26ff9
- SHA1
  
  7fba93d7d5fe0250e736675a7ce85c6129341de6
- SHA256
  
  e510da3919bd636fcc0b09a3f00355175b660761fe0481809a8cef06d305f553
- SHA512
  
  6021fab5a5ff2d10df93173c3fbfbbe64bed1bc15bcf3958c5bc152eb3fcd7b1fde7baac97cd52a1cb5cd75bbb94d6f09bb6dcc8bb694e048d3c95eff32048bb
Score

10^/10

webmonitor backdoor infostealer persistence rat suricata
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
  suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerpersistenceratsuricata

behavioral2

© 2018-2024

Terms | Privacy