webmonitor | 477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473 | Triage

Submit
Reports

Overview

overview

Static

static

5

477890c832...73.exe

windows7_x64

1

477890c832...73.exe

windows10-2004_x64

Sharing

General

Target

477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473
Size

1.6MB
Sample

220714-hb6c4sdda8
MD5

0c51f2d2491935aa18675a7a0d91a9ff
SHA1

aedc0da5d909d665bfe1e4de023a163fb24c8847
SHA256

477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473
SHA512

85cc9f0e5bd848ca5f871c645d613a53de98245a558e111662f2c6870f7e0a36c4aa47bbb12c3ee001c083f14ada6f98dc3210161be3cde99c1a98f670c9aedc

Score

10^/10

webmonitor backdoor infostealer rat upx

Static task

static1

Behavioral task

behavioral1

Sample

477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473.exe

Resource

win10v2004-20220414-en

webmonitor backdoor infostealer rat upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

webmonitor

C2

olaviqs.wm01.to:443

Attributes

config_key
7GfpikpHRvmQe3t81PSe02B3qwlPiFPx
private_key
JklcEIRIO
url_path
/recv5.php

Targets

- Target
  
  477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473
- Size
  
  1.6MB
- MD5
  
  0c51f2d2491935aa18675a7a0d91a9ff
- SHA1
  
  aedc0da5d909d665bfe1e4de023a163fb24c8847
- SHA256
  
  477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473
- SHA512
  
  85cc9f0e5bd848ca5f871c645d613a53de98245a558e111662f2c6870f7e0a36c4aa47bbb12c3ee001c083f14ada6f98dc3210161be3cde99c1a98f670c9aedc
Score

10^/10

webmonitor backdoor infostealer rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

webmonitorbackdoorinfostealerratupx

© 2018-2024

Terms | Privacy