webmonitor | f9c069523cc221dcea4a5b46281e6752ba4a567480b7c81e3a80d369c73b07ff | Triage

Submit
Reports

Overview

overview

Static

static

3

fb4e9686e8...18.exe

windows7-x64

fb4e9686e8...18.exe

windows10-2004-x64

Sharing

General

Target

fb4e9686e8d934c6e71f69fbf69cbba6_JaffaCakes118
Size

1.3MB
Sample

240419-2d67zaaa7w
MD5

fb4e9686e8d934c6e71f69fbf69cbba6
SHA1

91b52740a1d9a46bddb568cfc6e9d035c5160b22
SHA256

f9c069523cc221dcea4a5b46281e6752ba4a567480b7c81e3a80d369c73b07ff
SHA512

36c09106eeaa9bbd452fef2bb8d6dda58e1894f1a54963af4b27f61c73ddbf45bb6c523b10a18a22dce138fb6fa5ffba72a7190c6a9e3c2ff24eaf166ba2f87d
SSDEEP

24576:K/86WY0n6q9nXshv7ogKw+/dA1hhLdiIIjE6YdZxua7Fz:nSrqRXshMgushQm6Yjxua7Fz

Score

10^/10

webmonitor zgrat backdoor infostealer rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fb4e9686e8d934c6e71f69fbf69cbba6_JaffaCakes118.exe

Resource

win7-20240215-en

webmonitor zgrat backdoor infostealer rat upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb4e9686e8d934c6e71f69fbf69cbba6_JaffaCakes118.exe

Resource

win10v2004-20240412-en

webmonitor zgrat backdoor infostealer rat upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  fb4e9686e8d934c6e71f69fbf69cbba6_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  fb4e9686e8d934c6e71f69fbf69cbba6
- SHA1
  
  91b52740a1d9a46bddb568cfc6e9d035c5160b22
- SHA256
  
  f9c069523cc221dcea4a5b46281e6752ba4a567480b7c81e3a80d369c73b07ff
- SHA512
  
  36c09106eeaa9bbd452fef2bb8d6dda58e1894f1a54963af4b27f61c73ddbf45bb6c523b10a18a22dce138fb6fa5ffba72a7190c6a9e3c2ff24eaf166ba2f87d
- SSDEEP
  
  24576:K/86WY0n6q9nXshv7ogKw+/dA1hhLdiIIjE6YdZxua7Fz:nSrqRXshMgushQm6Yjxua7Fz
Score

10^/10

webmonitor zgrat backdoor infostealer rat upx
- Detect ZGRat V1
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

webmonitorzgratbackdoorinfostealerratupx

behavioral2

webmonitorzgratbackdoorinfostealerratupx

© 2018-2024

Terms | Privacy