webmonitor | 477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473 | Triage

Submit
Reports

Overview

overview

Static

static

5

477890c832...73.exe

windows7_x64

1

477890c832...73.exe

windows10-2004_x64

Sharing

General

Target

477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473
Size

1.6MB
Sample

220714-hb6c4sdda8
MD5

0c51f2d2491935aa18675a7a0d91a9ff
SHA1

aedc0da5d909d665bfe1e4de023a163fb24c8847
SHA256

477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473
SHA512

85cc9f0e5bd848ca5f871c645d613a53de98245a558e111662f2c6870f7e0a36c4aa47bbb12c3ee001c083f14ada6f98dc3210161be3cde99c1a98f670c9aedc

Score

10^/10

webmonitor backdoor infostealer rat upx

Static task

static1

Behavioral task

behavioral1

Sample

477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473.exe

Resource

win10v2004-20220414-en

webmonitor backdoor infostealer rat upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

webmonitor

C2

olaviqs.wm01.to:443

Attributes

config_key
7GfpikpHRvmQe3t81PSe02B3qwlPiFPx
private_key
JklcEIRIO
url_path
/recv5.php

Targets

- Target
  
  477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473
- Size
  
  1.6MB
- MD5
  
  0c51f2d2491935aa18675a7a0d91a9ff
- SHA1
  
  aedc0da5d909d665bfe1e4de023a163fb24c8847
- SHA256
  
  477890c8323400fc28599a57f1472618f4f4d9c2f9e5a9f65f2614951f089473
- SHA512
  
  85cc9f0e5bd848ca5f871c645d613a53de98245a558e111662f2c6870f7e0a36c4aa47bbb12c3ee001c083f14ada6f98dc3210161be3cde99c1a98f670c9aedc
Score

10^/10

webmonitor backdoor infostealer rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

webmonitorbackdoorinfostealerratupx

© 2018-2024

Terms | Privacy