webmonitor | 16914198f56059c5e3fbcb1bb00283da59ad3ff7b06b6bd818ee912f74a42f3e | Triage

Submit
Reports

Overview

overview

Static

static

3

1be5dfb676...18.exe

windows7-x64

1be5dfb676...18.exe

windows10-2004-x64

Sharing

General

Target

1be5dfb676ea45c9b295f1ea843352bc_JaffaCakes118
Size

583KB
Sample

240506-lpwbvabb24
MD5

1be5dfb676ea45c9b295f1ea843352bc
SHA1

7c116f899466987ab92b393d9b9dd4f423ad2670
SHA256

16914198f56059c5e3fbcb1bb00283da59ad3ff7b06b6bd818ee912f74a42f3e
SHA512

c96dc8b6af3b1c6e0a894caefb30637b73271492b7996d202f1e2f4044986789d27f0a5355175e2fa2080b0e8a19684c9bea333e745eba753603d65e51cf79f9
SSDEEP

12288:kYe5yXuFDanhQ6zjJiWV2u+wMzpo7QjTwtkw7GPGbSEuO2I1n:6YSSZjgWVAlWUYtkw6O2Eu/Q

Score

10^/10

webmonitor backdoor infostealer rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1be5dfb676ea45c9b295f1ea843352bc_JaffaCakes118.exe

Resource

win7-20240220-en

webmonitor backdoor infostealer rat upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1be5dfb676ea45c9b295f1ea843352bc_JaffaCakes118.exe

Resource

win10v2004-20240426-en

webmonitor backdoor infostealer rat upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

webmonitor

C2

arglobal.wm01.to:443

Attributes

config_key
ziKbg2IBpBxL34Yr4SWnQnV4SqpF6Yy4
private_key
X2HBeL4iM
url_path
/recv4.php

Targets

- Target
  
  1be5dfb676ea45c9b295f1ea843352bc_JaffaCakes118
- Size
  
  583KB
- MD5
  
  1be5dfb676ea45c9b295f1ea843352bc
- SHA1
  
  7c116f899466987ab92b393d9b9dd4f423ad2670
- SHA256
  
  16914198f56059c5e3fbcb1bb00283da59ad3ff7b06b6bd818ee912f74a42f3e
- SHA512
  
  c96dc8b6af3b1c6e0a894caefb30637b73271492b7996d202f1e2f4044986789d27f0a5355175e2fa2080b0e8a19684c9bea333e745eba753603d65e51cf79f9
- SSDEEP
  
  12288:kYe5yXuFDanhQ6zjJiWV2u+wMzpo7QjTwtkw7GPGbSEuO2I1n:6YSSZjgWVAlWUYtkw6O2Eu/Q
Score

10^/10

webmonitor backdoor infostealer rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- Drops startup file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerratupx

behavioral2

webmonitorbackdoorinfostealerratupx

© 2018-2024

Terms | Privacy