General
-
Target
18ee3ef64924f4dd006ac40ef62aba58ffa82c49b705209bda9d378c183a6c52
-
Size
1.1MB
-
Sample
220415-a5zhnafabk
-
MD5
46251cfdab21778b84b03cf7ce34f48c
-
SHA1
a30a503554703f2f9d4839636433f69ae0cd0ceb
-
SHA256
18ee3ef64924f4dd006ac40ef62aba58ffa82c49b705209bda9d378c183a6c52
-
SHA512
34b413075368fa09b2b6c7cbd76f7cae2f734f1cf0f47f839b2eed1747ee99d054a57753ebf13202f762ab735961b6011b5b400bafce2cf4913873b23f49bb5f
Static task
static1
Behavioral task
behavioral1
Sample
18ee3ef64924f4dd006ac40ef62aba58ffa82c49b705209bda9d378c183a6c52.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
18ee3ef64924f4dd006ac40ef62aba58ffa82c49b705209bda9d378c183a6c52.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
webmonitor
niiarmah.wm01.to:443
-
config_key
4EcDHH7aWbl50LayUnuRlJWUXiKQWk0O
-
private_key
yvkn5wM8E
-
url_path
/recv5.php
Targets
Score 10/10
RevcodeRat, WebMonitorRat
WebMonitor is a remote access tool that you can use from any browser to control and monitor your phones or PCs.
-
WebMonitor Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-