webmonitor | 55c4eee443193174b9784c4e5d78773e45f4e927e4840f3439d366b5fbc0feb5 | Triage

Submit
Reports

Overview

overview

Static

static

55c4eee443...b5.exe

windows7-x64

55c4eee443...b5.exe

windows10-2004-x64

Sharing

General

Target

55c4eee443193174b9784c4e5d78773e45f4e927e4840f3439d366b5fbc0feb5
Size

612KB
Sample

220725-se9j2sffcp
MD5

6089a3255851bc09825c01e73d2e0b52
SHA1

720694441f23f83b954db816a83909784272d68c
SHA256

55c4eee443193174b9784c4e5d78773e45f4e927e4840f3439d366b5fbc0feb5
SHA512

9c550c659dee8659fa3e695aab1e392b0e5e4e2a9d424e3c795e27d24b6c294a6800a9516d92445d7061a9a79e24f8056fc2103d4b1abf744e9cae8de9dc0b03

Score

10^/10

webmonitor backdoor infostealer rat upx

Static task

static1

Behavioral task

behavioral1

Sample

55c4eee443193174b9784c4e5d78773e45f4e927e4840f3439d366b5fbc0feb5.exe

Resource

win7-20220715-en

webmonitor backdoor infostealer rat upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

55c4eee443193174b9784c4e5d78773e45f4e927e4840f3439d366b5fbc0feb5.exe

Resource

win10v2004-20220722-en

webmonitor backdoor infostealer rat upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

webmonitor

C2

arglobal.wm01.to:443

Attributes

config_key
ziKbg2IBpBxL34Yr4SWnQnV4SqpF6Yy4
private_key
X2HBeL4iM
url_path
/recv4.php

Targets

- Target
  
  55c4eee443193174b9784c4e5d78773e45f4e927e4840f3439d366b5fbc0feb5
- Size
  
  612KB
- MD5
  
  6089a3255851bc09825c01e73d2e0b52
- SHA1
  
  720694441f23f83b954db816a83909784272d68c
- SHA256
  
  55c4eee443193174b9784c4e5d78773e45f4e927e4840f3439d366b5fbc0feb5
- SHA512
  
  9c550c659dee8659fa3e695aab1e392b0e5e4e2a9d424e3c795e27d24b6c294a6800a9516d92445d7061a9a79e24f8056fc2103d4b1abf744e9cae8de9dc0b03
Score

10^/10

webmonitor backdoor infostealer rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerratupx

behavioral2

webmonitorbackdoorinfostealerratupx

© 2018-2024

Terms | Privacy