Overview

overview

10

Static

static

3dc3c502ad...d4.exe

windows7_x64

10

3dc3c502ad...d4.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3dc3c502ad14aceb3d6b686de8c5b4364d83a2bc4f6bb46c1951a41432ecbad4

  • Size

    847KB

  • Sample

    220701-rxstkshhf5

  • MD5

    e3f248b8468a9d57209794923b560237

  • SHA1

    27b209c9b50e891d1d5975cc79ed910a263c9cec

  • SHA256

    3dc3c502ad14aceb3d6b686de8c5b4364d83a2bc4f6bb46c1951a41432ecbad4

  • SHA512

    5f3302de21003d249bab7b5c87bf69f2d02126211b58725cacc27114c47ce282c0845654feaf01fc6cef07ddeb4ca0d6dff298f23671b1455c1b50da622d15d2

Score
10/10
webmonitorbackdoorinfostealerpersistenceratupx

Malware Config

Extracted

Family

webmonitor

C2

arglobal.wm01.to:443

Attributes
  • config_key

    ziKbg2IBpBxL34Yr4SWnQnV4SqpF6Yy4

  • private_key

    X2HBeL4iM

  • url_path

    /recv4.php

Targets

    • Target

      3dc3c502ad14aceb3d6b686de8c5b4364d83a2bc4f6bb46c1951a41432ecbad4

    • Size

      847KB

    • MD5

      e3f248b8468a9d57209794923b560237

    • SHA1

      27b209c9b50e891d1d5975cc79ed910a263c9cec

    • SHA256

      3dc3c502ad14aceb3d6b686de8c5b4364d83a2bc4f6bb46c1951a41432ecbad4

    • SHA512

      5f3302de21003d249bab7b5c87bf69f2d02126211b58725cacc27114c47ce282c0845654feaf01fc6cef07ddeb4ca0d6dff298f23671b1455c1b50da622d15d2

    Score
    10/10
    webmonitorbackdoorinfostealerpersistenceratupx

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

      backdoorratinfostealerwebmonitor

    • WebMonitor Payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks