webmonitor | 5a6768b9584d3709905a295a14a373fd5b9bfce7ca58111592cb5f28674c995e | Triage

Submit
Reports

Overview

overview

Static

static

3

0c687590cc...16.exe

windows7-x64

0c687590cc...16.exe

windows10-2004-x64

Sharing

General

Target

0c687590ccdb4b84dbda93c095929416
Size

1.3MB
Sample

231230-dj1elsbcf2
MD5

0c687590ccdb4b84dbda93c095929416
SHA1

2c3458ebee515c5ed39cebdd88eca31991269997
SHA256

5a6768b9584d3709905a295a14a373fd5b9bfce7ca58111592cb5f28674c995e
SHA512

143d302b3481989f81e768cc65ce28b5be38c9066ea7fefe6c8681245ca302ec48d37e5882c62379420aa1c17bb7e11259a061eeb4ddfb7ec263a1b06530c44e
SSDEEP

24576:yVe9P57YARBbofjMw3KsQAxlXZjGfSoH5f:yVIB7VlotXEf1HV

Score

10^/10

webmonitor zgrat backdoor infostealer rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0c687590ccdb4b84dbda93c095929416.exe

Resource

win7-20231215-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0c687590ccdb4b84dbda93c095929416.exe

Resource

win10v2004-20231215-en

webmonitor zgrat backdoor infostealer rat upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  0c687590ccdb4b84dbda93c095929416
- Size
  
  1.3MB
- MD5
  
  0c687590ccdb4b84dbda93c095929416
- SHA1
  
  2c3458ebee515c5ed39cebdd88eca31991269997
- SHA256
  
  5a6768b9584d3709905a295a14a373fd5b9bfce7ca58111592cb5f28674c995e
- SHA512
  
  143d302b3481989f81e768cc65ce28b5be38c9066ea7fefe6c8681245ca302ec48d37e5882c62379420aa1c17bb7e11259a061eeb4ddfb7ec263a1b06530c44e
- SSDEEP
  
  24576:yVe9P57YARBbofjMw3KsQAxlXZjGfSoH5f:yVIB7VlotXEf1HV
Score

10^/10

zgrat rat webmonitor backdoor infostealer upx
- Detect ZGRat V1
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

webmonitorzgratbackdoorinfostealerratupx

© 2018-2024

Terms | Privacy