webmonitor | 17453e72156cb5dbd9567d52d6b83436e4f196f6f3c311c4a9b613aaba1a8b80 | Triage

Submit
Reports

Overview

overview

Static

static

17453e7215...80.exe

windows7_x64

1

17453e7215...80.exe

windows10-2004_x64

Sharing

General

Target

17453e72156cb5dbd9567d52d6b83436e4f196f6f3c311c4a9b613aaba1a8b80
Size

840KB
Sample

220625-c7l2fsbagp
MD5

8a2123d4809ffdc677df37b88d58769c
SHA1

4138f2da78ccf7ed3a07d455fddb367f59568d04
SHA256

17453e72156cb5dbd9567d52d6b83436e4f196f6f3c311c4a9b613aaba1a8b80
SHA512

632870596e6f41adefce8a6589ee75b9df1ab483e619d2a2e555f6878a48007c5a38267c576ef3b056559d5348994427e46690034a59388aeee910f4fa93f671

Score

10^/10

webmonitor backdoor infostealer rat upx

Static task

static1

Behavioral task

behavioral1

Sample

17453e72156cb5dbd9567d52d6b83436e4f196f6f3c311c4a9b613aaba1a8b80.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

17453e72156cb5dbd9567d52d6b83436e4f196f6f3c311c4a9b613aaba1a8b80.exe

Resource

win10v2004-20220414-en

webmonitor backdoor infostealer rat upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

webmonitor

C2

mafianclub.wm01.to:443

Attributes

config_key
msK8483mYp1k2OzxD1I3yoSUcNW7v1k5
private_key
WB8PgMeHa
url_path
/recv5.php

Targets

- Target
  
  17453e72156cb5dbd9567d52d6b83436e4f196f6f3c311c4a9b613aaba1a8b80
- Size
  
  840KB
- MD5
  
  8a2123d4809ffdc677df37b88d58769c
- SHA1
  
  4138f2da78ccf7ed3a07d455fddb367f59568d04
- SHA256
  
  17453e72156cb5dbd9567d52d6b83436e4f196f6f3c311c4a9b613aaba1a8b80
- SHA512
  
  632870596e6f41adefce8a6589ee75b9df1ab483e619d2a2e555f6878a48007c5a38267c576ef3b056559d5348994427e46690034a59388aeee910f4fa93f671
Score

10^/10

webmonitor backdoor infostealer rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor Payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

webmonitorbackdoorinfostealerratupx

© 2018-2024

Terms | Privacy