General
- Target: 2e084ca9b86b432252097b8cbb9fb8b470cc1ca9d3eedb8e9033e2ff09d126a9
- Size: 668KB
- Sample: 220725-ewav6aecd7
- MD5: 897f3c7d741c4d5c7fc96f322a6f5a6a
- SHA1: 9738e0d5982f1a2255d7a72dc580bc85c554569e
- SHA256: 2e084ca9b86b432252097b8cbb9fb8b470cc1ca9d3eedb8e9033e2ff09d126a9
- SHA512: 30c433ff994848289cac9f500b7428b1bc06b119fb3260b0f48e5de0f2f841275ffbfab978d947b23f050acad647dd01925c33ddca9c2fa80cc9d9e50cb0c620
Static task: static1
Behavioral task: behavioral1
  Sample: 2e084ca9b86b432252097b8cbb9fb8b470cc1ca9d3eedb8e9033e2ff09d126a9.exe
  Resource: win7-20220715-en
Behavioral task: behavioral2
  Sample: 2e084ca9b86b432252097b8cbb9fb8b470cc1ca9d3eedb8e9033e2ff09d126a9.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted: webmonitor
  snowhair123.wm01.to:443
  - config_key: kke8E3MMthAVUs3B5qBplqOYCdXuK3lS
  - private_key: DltfwOvgE
  - url_path: /recv4.php
Targets
- Target: 2e084ca9b86b432252097b8cbb9fb8b470cc1ca9d3eedb8e9033e2ff09d126a9
- Size: 668KB
- MD5: 897f3c7d741c4d5c7fc96f322a6f5a6a
- SHA1: 9738e0d5982f1a2255d7a72dc580bc85c554569e
- SHA256: 2e084ca9b86b432252097b8cbb9fb8b470cc1ca9d3eedb8e9033e2ff09d126a9
- SHA512: 30c433ff994848289cac9f500b7428b1bc06b119fb3260b0f48e5de0f2f841275ffbfab978d947b23f050acad647dd01925c33ddca9c2fa80cc9d9e50cb0c620
Score: 10/10
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that can be used from any browser to control and monitor phones or PCs.
- WebMonitor payload
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic on the DNS port to servers other than the configured DNS servers was detected.
- Adds Run key to start application
- Suspicious use of SetThreadContext