webmonitor | 6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352

General

Target

6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352
Size

1.5MB
Sample

220708-kapebahbdr
MD5

88c8dff86057cf7f4d3fb28f8b35ab39
SHA1

9dfa799ac2d6f228e81520fa5103f3fc1c077bdf
SHA256

6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352
SHA512

6f74304a2b5b754ccfa55968cd5c1e798c34861cca067e23629da19cd61a68a43c3e918b6f46158a78d3a1c49d6b2260a2ace4d359d199543948b6aadc857c6c

Score

10^/10

Malware Config

Targets

- Target
  
  6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352
- Size
  
  1.5MB
- MD5
  
  88c8dff86057cf7f4d3fb28f8b35ab39
- SHA1
  
  9dfa799ac2d6f228e81520fa5103f3fc1c077bdf
- SHA256
  
  6763427f4f9545f615c4a9a9c92461a0c03a2205e91840e9f836424745e1b352
- SHA512
  
  6f74304a2b5b754ccfa55968cd5c1e798c34861cca067e23629da19cd61a68a43c3e918b6f46158a78d3a1c49d6b2260a2ace4d359d199543948b6aadc857c6c
Score

10^/10

webmonitor backdoor infostealer persistence rat upx suricata
- Modifies WinLogon for persistence
  persistence
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
  suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1

T1004

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies WinLogon for persistence

RevcodeRat, WebMonitorRat

WebMonitor payload

suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Unexpected DNS network traffic destination

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2