Extracted

• • Target

    a06c169bdabb7410fef4d2b20a4c0ae0d96d268da41f496c5c013492a6b103fc

  • Size

    1.7MB

  • MD5

    9eeb9b33a63440d8b5558edf0c007db4

  • SHA1

    62f57d397ef643b9c3b224cd8aebf3f988976597

  • SHA256

    a06c169bdabb7410fef4d2b20a4c0ae0d96d268da41f496c5c013492a6b103fc

  • SHA512

    6c1757d4956c38eb06a2aad711e3c45b58046b9856d5eb887222f061176e41ea777ae750d3ee3c82eb43433a8959057c75582ecda72324d817dac257205290b0

  Score

  10^/10

  webmonitorbackdoorinfostealerpersistenceratsuricataupx

  • RevcodeRat, WebMonitorRat

    WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

    backdoorratinfostealerwebmonitor

  • WebMonitor Payload

  • suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

    suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

    suricata

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2