General
Target: 1157923e5cd51d747faf266da4e22de5_JaffaCakes118
Size: 621KB
Sample: 240504-dsc1nsbg61
MD5: 1157923e5cd51d747faf266da4e22de5
SHA1: fc2cd39cfae0b4f5ea343e6286e3e98147fac320
SHA256: 9f44d74b5fe2e6353074ba70ade88d1747f038ca9902be34cb2ca95eecafc760
SHA512: 668e34d0dd732915573e99cae4fb5b7de590f89824fc1142ae3b5fd737af0489be5f69ca9121f8e80f2cb380795ca95addb582ef22a214942f0cc74e1f892a1f
SSDEEP: 12288:ACL1cBficFlfKUMXSxY8L/RMkH6d2c60NPgMS6gl0tfqdlW3fp+4V1H/eu1D1S3L:TRchPoU/M2USQYs
Static task: static1
Behavioral task: behavioral1
  Sample: 1157923e5cd51d747faf266da4e22de5_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 1157923e5cd51d747faf266da4e22de5_JaffaCakes118.exe
  Resource: win10v2004-20240419-en
Malware Config
Extracted: webmonitor
perlhabour.wm01.to:443
config_key: XNmE4WPjibOWPGiI4YZB52MvfFKluIbw
private_key: RpKoGNosA
url_path: /recv4.php
Targets
Target: 1157923e5cd51d747faf266da4e22de5_JaffaCakes118 (621KB)
Score: 10/10
RevcodeRat, WebMonitorRat
WebMonitor is a remote access tool that can be used from any browser to control and monitor phones or PCs.
Signatures
- WebMonitor payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
- Suspicious use of SetThreadContext