Extracted

• • Target

    8e6f24e4cb48f7ed08b9796061dd09dd5fcefd7804c7b102a5d0f88c85938bc2

  • Size

    921KB

  • MD5

    40f39933c67ea2045c887db44e9ba666

  • SHA1

    611422b9d996fe8e6070fd107412cb61efbef483

  • SHA256

    8e6f24e4cb48f7ed08b9796061dd09dd5fcefd7804c7b102a5d0f88c85938bc2

  • SHA512

    363cd33c4ed51d8d8aa89c506f7392ec921479a2a3a010af1c48917e82be5166c9c09ba817aad417dff7e62e17ceef9d173899ff0c706ff18e3e3e10b74c26bc

  Score

  10^/10

  upxwebmonitorbackdoorinfostealerrat

  • RevcodeRat, WebMonitorRat

    WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

    backdoorratinfostealerwebmonitor

  • WebMonitor Payload

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2