General
Target: 396b8a398dbb41566456dfc4b114b23fcb2842a6f574c0fd7d9033f548a97ffc
Size: 819KB
Sample: 220625-mmlkasaha2
MD5: 5565f0e1f3d19760c449fc3b01a61a45
SHA1: 0c62e6457299dce75b66db6965c4c1f13f4cb663
SHA256: 396b8a398dbb41566456dfc4b114b23fcb2842a6f574c0fd7d9033f548a97ffc
SHA512: 36150a9ee821325bbe7dd03417feecdd546777ad19c2c6c11404e2233521b5ee4faf831bbc9a8ac2a136f51197016cf065207b9535a8cd21da7bdbec9b281259
Static task: static1
Behavioral task: behavioral1
Sample: 396b8a398dbb41566456dfc4b114b23fcb2842a6f574c0fd7d9033f548a97ffc.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 396b8a398dbb41566456dfc4b114b23fcb2842a6f574c0fd7d9033f548a97ffc.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: webmonitor
arglobal.wm01.to:443
config_key: ziKbg2IBpBxL34Yr4SWnQnV4SqpF6Yy4
private_key: X2HBeL4iM
url_path: /recv4.php
Targets
Target: 396b8a398dbb41566456dfc4b114b23fcb2842a6f574c0fd7d9033f548a97ffc
Score: 10/10
RevcodeRat, WebMonitorRat
WebMonitor is a remote access tool that can be used from any browser to control and monitor phones or PCs.
- WebMonitor Payload
- suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
- Drops startup file
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext