General

  • Target

    d0ad0b7647c5d8f05745070335039a2f8199d9ea789e5b223e707f84a9167cdb

  • Size

    627KB

  • Sample

    220701-gjmejaefdm

  • MD5

    e3deaa2d0d0e8551a0e5aec0822b1b91

  • SHA1

    fa8769f657dcac98042c2a3af1ced52fe98ef108

  • SHA256

    d0ad0b7647c5d8f05745070335039a2f8199d9ea789e5b223e707f84a9167cdb

  • SHA512

    306b76d251aa7c59c6f09c5640d91e6c3d1df3a44e21d8a4458e5082634047204de0b939fcecf4404c527350e673f30723b40a2daf3dffd3a5f5e27bc55c8985

Malware Config

Extracted

Family

webmonitor

C2

javalux111.wm01.to:443

Attributes
  • config_key

    zekeDaEuDbc1YhvIHRdeIzXghxt4q89z

  • private_key

    OvE194dh7

  • url_path

    /recv5.php

Targets

    • Target

      d0ad0b7647c5d8f05745070335039a2f8199d9ea789e5b223e707f84a9167cdb

    • Size

      627KB

    • MD5

      e3deaa2d0d0e8551a0e5aec0822b1b91

    • SHA1

      fa8769f657dcac98042c2a3af1ced52fe98ef108

    • SHA256

      d0ad0b7647c5d8f05745070335039a2f8199d9ea789e5b223e707f84a9167cdb

    • SHA512

      306b76d251aa7c59c6f09c5640d91e6c3d1df3a44e21d8a4458e5082634047204de0b939fcecf4404c527350e673f30723b40a2daf3dffd3a5f5e27bc55c8985

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

    • WebMonitor Payload

    • suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

      suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks