webmonitor | 12b9219af3987966cff3cb1922724f936db9057a21ec6f583ca61399ae082f13 | Triage

Submit
Reports

Overview

overview

Static

static

3

458b61b6d0...e0.exe

windows7-x64

458b61b6d0...e0.exe

windows10-2004-x64

Sharing

General

Target

458b61b6d0cc95c8b8f9efc039afdee0.exe
Size

1.8MB
Sample

240106-l6afpsedg6
MD5

458b61b6d0cc95c8b8f9efc039afdee0
SHA1

2219421a1f46abddc293864cb672be6ac9fb5178
SHA256

12b9219af3987966cff3cb1922724f936db9057a21ec6f583ca61399ae082f13
SHA512

29c86526249f3cd2a84640038246026872dd5345c36b49dd9cd905cc03df898db8d61147e7997bbec6728b36f33c9cfdfb688c265e656c4d2ee99f35b93b93b4
SSDEEP

49152:oJdAMg7BSRxPlpfTuvecJNhVj3BdfaQWg167O:dz7WNpfTuZJNhZ3BdfaQnH

Score

10^/10

webmonitor zgrat backdoor infostealer rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

458b61b6d0cc95c8b8f9efc039afdee0.exe

Resource

win7-20231215-en

webmonitor zgrat backdoor infostealer rat upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

458b61b6d0cc95c8b8f9efc039afdee0.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  458b61b6d0cc95c8b8f9efc039afdee0.exe
- Size
  
  1.8MB
- MD5
  
  458b61b6d0cc95c8b8f9efc039afdee0
- SHA1
  
  2219421a1f46abddc293864cb672be6ac9fb5178
- SHA256
  
  12b9219af3987966cff3cb1922724f936db9057a21ec6f583ca61399ae082f13
- SHA512
  
  29c86526249f3cd2a84640038246026872dd5345c36b49dd9cd905cc03df898db8d61147e7997bbec6728b36f33c9cfdfb688c265e656c4d2ee99f35b93b93b4
- SSDEEP
  
  49152:oJdAMg7BSRxPlpfTuvecJNhVj3BdfaQWg167O:dz7WNpfTuZJNhZ3BdfaQnH
Score

10^/10

webmonitor zgrat backdoor infostealer rat upx
- Detect ZGRat V1
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

webmonitorzgratbackdoorinfostealerratupx

behavioral2

© 2018-2024

Terms | Privacy