General
-
Target
48d173767bf24bb9ad394d2581ecedfdefc4e31fd79b114a79a196eca7fb8876
-
Size
17.2MB
-
Sample
220516-p4e5ysccb2
-
MD5
ee9a4ee14382824e759636426db0aa6f
-
SHA1
5ff8faa6df6c1ef352d4938be39a97092dd1c7c7
-
SHA256
48d173767bf24bb9ad394d2581ecedfdefc4e31fd79b114a79a196eca7fb8876
-
SHA512
4c7a3f81eb713b68c5cf8376ec5f55428294732f2c97bf5cd8bea876d569d2bf1e2d3a9c09e64b51411deaf37f1670d02a1cf192e7427f9cef3135f4a09b6656
Malware Config
Extracted
webmonitor
worldbala.wm01.to:443
-
config_key
1vt5MKV6CcJnGWsNVlYXmKcidNN2mBKt
-
private_key
NcwyDvFB8
-
url_path
/recv4.php
Targets
-
-
Target
48d173767bf24bb9ad394d2581ecedfdefc4e31fd79b114a79a196eca7fb8876
-
Size
17.2MB
-
MD5
ee9a4ee14382824e759636426db0aa6f
-
SHA1
5ff8faa6df6c1ef352d4938be39a97092dd1c7c7
-
SHA256
48d173767bf24bb9ad394d2581ecedfdefc4e31fd79b114a79a196eca7fb8876
-
SHA512
4c7a3f81eb713b68c5cf8376ec5f55428294732f2c97bf5cd8bea876d569d2bf1e2d3a9c09e64b51411deaf37f1670d02a1cf192e7427f9cef3135f4a09b6656
Score10/10-
RevcodeRat, WebMonitorRat
WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
-
WebMonitor Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-