General
-
Target
d0ad0b7647c5d8f05745070335039a2f8199d9ea789e5b223e707f84a9167cdb
-
Size
627KB
-
Sample
220701-gjmejaefdm
-
MD5
e3deaa2d0d0e8551a0e5aec0822b1b91
-
SHA1
fa8769f657dcac98042c2a3af1ced52fe98ef108
-
SHA256
d0ad0b7647c5d8f05745070335039a2f8199d9ea789e5b223e707f84a9167cdb
-
SHA512
306b76d251aa7c59c6f09c5640d91e6c3d1df3a44e21d8a4458e5082634047204de0b939fcecf4404c527350e673f30723b40a2daf3dffd3a5f5e27bc55c8985
Malware Config
Extracted
webmonitor
javalux111.wm01.to:443
-
config_key
zekeDaEuDbc1YhvIHRdeIzXghxt4q89z
-
private_key
OvE194dh7
-
url_path
/recv5.php
Targets
-
-
Target
d0ad0b7647c5d8f05745070335039a2f8199d9ea789e5b223e707f84a9167cdb
-
Size
627KB
-
MD5
e3deaa2d0d0e8551a0e5aec0822b1b91
-
SHA1
fa8769f657dcac98042c2a3af1ced52fe98ef108
-
SHA256
d0ad0b7647c5d8f05745070335039a2f8199d9ea789e5b223e707f84a9167cdb
-
SHA512
306b76d251aa7c59c6f09c5640d91e6c3d1df3a44e21d8a4458e5082634047204de0b939fcecf4404c527350e673f30723b40a2daf3dffd3a5f5e27bc55c8985
Score10/10-
RevcodeRat, WebMonitorRat
WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
-
WebMonitor Payload
-
suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
suricata: ET MALWARE WebMonitor/RevCode RAT CnC Domain in DNS Lookup
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-