webmonitor | 396b8a398dbb41566456dfc4b114b23fcb2842a6f574c0fd7d9033f548a97ffc | Triage

Submit
Reports

Overview

overview

Static

static

396b8a398d...fc.exe

windows7_x64

396b8a398d...fc.exe

windows10-2004_x64

Sharing

General

Target

396b8a398dbb41566456dfc4b114b23fcb2842a6f574c0fd7d9033f548a97ffc
Size

819KB
Sample

220625-mmlkasaha2
MD5

5565f0e1f3d19760c449fc3b01a61a45
SHA1

0c62e6457299dce75b66db6965c4c1f13f4cb663
SHA256

396b8a398dbb41566456dfc4b114b23fcb2842a6f574c0fd7d9033f548a97ffc
SHA512

36150a9ee821325bbe7dd03417feecdd546777ad19c2c6c11404e2233521b5ee4faf831bbc9a8ac2a136f51197016cf065207b9535a8cd21da7bdbec9b281259

Score

10^/10

webmonitor backdoor infostealer rat suricata upx

Static task

static1

Behavioral task

behavioral1

Sample

396b8a398dbb41566456dfc4b114b23fcb2842a6f574c0fd7d9033f548a97ffc.exe

Resource

win7-20220414-en

webmonitor backdoor infostealer rat suricata upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

396b8a398dbb41566456dfc4b114b23fcb2842a6f574c0fd7d9033f548a97ffc.exe

Resource

win10v2004-20220414-en

webmonitor backdoor infostealer rat suricata upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

webmonitor

C2

arglobal.wm01.to:443

Attributes

config_key
ziKbg2IBpBxL34Yr4SWnQnV4SqpF6Yy4
private_key
X2HBeL4iM
url_path
/recv4.php

Targets

- Target
  
  396b8a398dbb41566456dfc4b114b23fcb2842a6f574c0fd7d9033f548a97ffc
- Size
  
  819KB
- MD5
  
  5565f0e1f3d19760c449fc3b01a61a45
- SHA1
  
  0c62e6457299dce75b66db6965c4c1f13f4cb663
- SHA256
  
  396b8a398dbb41566456dfc4b114b23fcb2842a6f574c0fd7d9033f548a97ffc
- SHA512
  
  36150a9ee821325bbe7dd03417feecdd546777ad19c2c6c11404e2233521b5ee4faf831bbc9a8ac2a136f51197016cf065207b9535a8cd21da7bdbec9b281259
Score

10^/10

webmonitor backdoor infostealer rat suricata upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor Payload
- suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
  suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
  suricata
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerratsuricataupx

behavioral2

webmonitorbackdoorinfostealerratsuricataupx

© 2018-2024

Terms | Privacy