webmonitor | 601683bffc489875354dd4a6b03f824c940b139799d03aefd279643080fae5c2 | Triage

Submit
Reports

Overview

overview

Static

static

601683bffc...c2.exe

windows7-x64

601683bffc...c2.exe

windows10-2004-x64

Sharing

General

Target

601683bffc489875354dd4a6b03f824c940b139799d03aefd279643080fae5c2
Size

717KB
Sample

220731-hw9ahadgh2
MD5

c00d1cf7fb01a9b33e438cd16b6eb578
SHA1

0d8c3833492d4106b7164d6ed9fa019838152832
SHA256

601683bffc489875354dd4a6b03f824c940b139799d03aefd279643080fae5c2
SHA512

2f5cac64da4edce25f0cffcc96fb1e500c0ee919ac0b7a466ddeab665ce6db1373a897fee492b36bed3b1a39be8b47af7676b2ef93f3b556b9794b2d78cac92a

Score

10^/10

webmonitor backdoor infostealer rat upx

Static task

static1

Behavioral task

behavioral1

Sample

601683bffc489875354dd4a6b03f824c940b139799d03aefd279643080fae5c2.exe

Resource

win7-20220718-en

webmonitor backdoor infostealer rat upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

601683bffc489875354dd4a6b03f824c940b139799d03aefd279643080fae5c2.exe

Resource

win10v2004-20220722-en

webmonitor backdoor infostealer rat upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

webmonitor

C2

arglobal.wm01.to:443

Attributes

config_key
ziKbg2IBpBxL34Yr4SWnQnV4SqpF6Yy4
private_key
X2HBeL4iM
url_path
/recv4.php

Targets

- Target
  
  601683bffc489875354dd4a6b03f824c940b139799d03aefd279643080fae5c2
- Size
  
  717KB
- MD5
  
  c00d1cf7fb01a9b33e438cd16b6eb578
- SHA1
  
  0d8c3833492d4106b7164d6ed9fa019838152832
- SHA256
  
  601683bffc489875354dd4a6b03f824c940b139799d03aefd279643080fae5c2
- SHA512
  
  2f5cac64da4edce25f0cffcc96fb1e500c0ee919ac0b7a466ddeab665ce6db1373a897fee492b36bed3b1a39be8b47af7676b2ef93f3b556b9794b2d78cac92a
Score

10^/10

webmonitor backdoor infostealer rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerratupx

behavioral2

webmonitorbackdoorinfostealerratupx

© 2018-2024

Terms | Privacy