webmonitor | 61107d11d3d22b6949203ea0e0be74aa4d5b0308455e9e3dcf87491ee2063701 | Triage

Submit
Reports

Overview

overview

Static

static

61107d11d3...01.exe

windows7-x64

61107d11d3...01.exe

windows10-2004-x64

Sharing

General

Target

61107d11d3d22b6949203ea0e0be74aa4d5b0308455e9e3dcf87491ee2063701
Size

892KB
Sample

220730-185rysafh5
MD5

14d8aab063f78a8c70801f240b8b7b42
SHA1

03fe13043ff7baa44f2ee25b9d973feffd461905
SHA256

61107d11d3d22b6949203ea0e0be74aa4d5b0308455e9e3dcf87491ee2063701
SHA512

433e2215ae50e5b8bf45493295ad38c3df21bf7b88680903b22f93c6a0d4494f7957bc802886ec9f1389f22ad8dec06608cde10946aafde88705ae8a5057d3ea

Score

10^/10

webmonitor backdoor infostealer persistence rat upx

Static task

static1

Behavioral task

behavioral1

Sample

61107d11d3d22b6949203ea0e0be74aa4d5b0308455e9e3dcf87491ee2063701.exe

Resource

win7-20220715-en

webmonitor backdoor infostealer persistence rat upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

61107d11d3d22b6949203ea0e0be74aa4d5b0308455e9e3dcf87491ee2063701.exe

Resource

win10v2004-20220722-en

webmonitor backdoor infostealer persistence rat upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

webmonitor

C2

blazenowen.wm01.to:443

Attributes

config_key
EGm5jUWfcr82Lzdv9JfTfE11MdAbW1NV
private_key
eO2U1b402
url_path
/recv4.php

Targets

- Target
  
  61107d11d3d22b6949203ea0e0be74aa4d5b0308455e9e3dcf87491ee2063701
- Size
  
  892KB
- MD5
  
  14d8aab063f78a8c70801f240b8b7b42
- SHA1
  
  03fe13043ff7baa44f2ee25b9d973feffd461905
- SHA256
  
  61107d11d3d22b6949203ea0e0be74aa4d5b0308455e9e3dcf87491ee2063701
- SHA512
  
  433e2215ae50e5b8bf45493295ad38c3df21bf7b88680903b22f93c6a0d4494f7957bc802886ec9f1389f22ad8dec06608cde10946aafde88705ae8a5057d3ea
Score

10^/10

webmonitor backdoor infostealer persistence rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerpersistenceratupx

behavioral2

webmonitorbackdoorinfostealerpersistenceratupx

© 2018-2024

Terms | Privacy