Extracted

• • Target

    61107d11d3d22b6949203ea0e0be74aa4d5b0308455e9e3dcf87491ee2063701

  • Size

    892KB

  • MD5

    14d8aab063f78a8c70801f240b8b7b42

  • SHA1

    03fe13043ff7baa44f2ee25b9d973feffd461905

  • SHA256

    61107d11d3d22b6949203ea0e0be74aa4d5b0308455e9e3dcf87491ee2063701

  • SHA512

    433e2215ae50e5b8bf45493295ad38c3df21bf7b88680903b22f93c6a0d4494f7957bc802886ec9f1389f22ad8dec06608cde10946aafde88705ae8a5057d3ea

  Score

  10^/10

  webmonitorbackdoorinfostealerpersistenceratupx

  • RevcodeRat, WebMonitorRat

    WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.

    backdoorratinfostealerwebmonitor

  • WebMonitor payload

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2