Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Trojan.Win...50.exe

windows7-x64

10

Trojan.Win...50.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/08/2022, 04:02 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Trojan.Win32.Revcode.ci-3a9c95abba3c0563bae4edc28b992d16df926ac7c7476ae565e3c3a4095a0d50.exe

  • Size

    2.1MB

  • MD5

    8b9cccdb24eb9b20f9fd3119706f4471

  • SHA1

    711e1172cd8783297d9a148a8a8c4743fbd6e89d

  • SHA256

    3a9c95abba3c0563bae4edc28b992d16df926ac7c7476ae565e3c3a4095a0d50

  • SHA512

    d69242390b6e30c749ba0274281555617ad0408310b26571e6cb7b18df8addf525c046092747ea5db8cd0c157f2acc64d500f2fcfc73a94a98b317960a5f6aa1

  • SSDEEP

    49152:slwDTibTrn2+eWekrP90yVJNMfw45uWIXZkv8:slwD+jnnxekrP9zJWwyvEkk

Score
10/10
webmonitorbackdoorevasioninfostealerrat

Malware Config

Extracted

Family

webmonitor

C2

therealmatrixs.wm01.to:443

Attributes
  • config_key

    Pqe2NRmv6q77pu6rspeYtwpwbbWkEwWt

  • private_key

    TWF2E2Jad

  • url_path

    /recv5.php

Signatures

  • RevcodeRat, WebMonitorRat

    WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

    backdoorratinfostealerwebmonitor
  • WebMonitor payload 1 IoCs
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Trojan.Win32.Revcode.ci-3a9c95abba3c0563bae4edc28b992d16df926ac7c7476ae565e3c3a4095a0d50.exe
    "C:\Users\Admin\AppData\Local\Temp\Trojan.Win32.Revcode.ci-3a9c95abba3c0563bae4edc28b992d16df926ac7c7476ae565e3c3a4095a0d50.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4252

Network

    No results found
  • 93.184.220.29:80
    322 B
     7
  • 93.184.220.29:80
    322 B
     7
  • 93.184.220.29:80
    260 B
     5
  • 20.190.160.14:443
    260 B
     5
  • 13.69.239.73:443
    322 B
     7
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4252-132-0x0000000000400000-0x000000000095F000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/4252-133-0x00000000772E0000-0x0000000077483000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4252-134-0x0000000000400000-0x000000000095F000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/4252-135-0x00000000772E0000-0x0000000077483000-memory.dmp

    Filesize

    1.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.