webmonitor | e510da3919bd636fcc0b09a3f00355175b660761fe0481809a8cef06d305f553

General

Target

e510da3919bd636fcc0b09a3f00355175b660761fe0481809a8cef06d305f553
Size

365KB
Sample

220524-t6882ahgg4
MD5

7bb890fdf757f2dca62acdfb2bb26ff9
SHA1

7fba93d7d5fe0250e736675a7ce85c6129341de6
SHA256

e510da3919bd636fcc0b09a3f00355175b660761fe0481809a8cef06d305f553
SHA512

6021fab5a5ff2d10df93173c3fbfbbe64bed1bc15bcf3958c5bc152eb3fcd7b1fde7baac97cd52a1cb5cd75bbb94d6f09bb6dcc8bb694e048d3c95eff32048bb

Score

10^/10

Malware Config

Extracted

Family

webmonitor

C2

windowsupdate.wm01.to:443

Attributes

config_key
wZ6IsN5IRQCrkMvW3mZxQ6qbw1Dn0lor
private_key
TwtUbBqhf
url_path
/recv5.php

Targets

- Target
  
  e510da3919bd636fcc0b09a3f00355175b660761fe0481809a8cef06d305f553
- Size
  
  365KB
- MD5
  
  7bb890fdf757f2dca62acdfb2bb26ff9
- SHA1
  
  7fba93d7d5fe0250e736675a7ce85c6129341de6
- SHA256
  
  e510da3919bd636fcc0b09a3f00355175b660761fe0481809a8cef06d305f553
- SHA512
  
  6021fab5a5ff2d10df93173c3fbfbbe64bed1bc15bcf3958c5bc152eb3fcd7b1fde7baac97cd52a1cb5cd75bbb94d6f09bb6dcc8bb694e048d3c95eff32048bb
Score

10^/10

webmonitor backdoor infostealer persistence rat suricata
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
  suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RevcodeRat, WebMonitorRat

suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

Checks computer location settings

Unexpected DNS network traffic destination

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2