webmonitor | 17453e72156cb5dbd9567d52d6b83436e4f196f6f3c311c4a9b613aaba1a8b80 | Triage

Submit
Reports

Overview

overview

Static

static

3

8a2123d480...18.exe

windows7-x64

8a2123d480...18.exe

windows10-2004-x64

1

Sharing

General

Target

8a2123d4809ffdc677df37b88d58769c_JaffaCakes118
Size

840KB
Sample

240601-l39fmaad28
MD5

8a2123d4809ffdc677df37b88d58769c
SHA1

4138f2da78ccf7ed3a07d455fddb367f59568d04
SHA256

17453e72156cb5dbd9567d52d6b83436e4f196f6f3c311c4a9b613aaba1a8b80
SHA512

632870596e6f41adefce8a6589ee75b9df1ab483e619d2a2e555f6878a48007c5a38267c576ef3b056559d5348994427e46690034a59388aeee910f4fa93f671
SSDEEP

12288:juCJUOVMQGZGlScgjAFai8/6CAYUNifucTSkPjQMS/kkkkkkk:jNJUOVbocgjA58SCAi2jkPh

Score

10^/10

webmonitor backdoor infostealer persistence rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8a2123d4809ffdc677df37b88d58769c_JaffaCakes118.exe

Resource

win7-20240221-en

webmonitor backdoor infostealer persistence rat upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8a2123d4809ffdc677df37b88d58769c_JaffaCakes118.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

webmonitor

C2

mafianclub.wm01.to:443

Attributes

config_key
msK8483mYp1k2OzxD1I3yoSUcNW7v1k5
private_key
WB8PgMeHa
url_path
/recv5.php

Targets

- Target
  
  8a2123d4809ffdc677df37b88d58769c_JaffaCakes118
- Size
  
  840KB
- MD5
  
  8a2123d4809ffdc677df37b88d58769c
- SHA1
  
  4138f2da78ccf7ed3a07d455fddb367f59568d04
- SHA256
  
  17453e72156cb5dbd9567d52d6b83436e4f196f6f3c311c4a9b613aaba1a8b80
- SHA512
  
  632870596e6f41adefce8a6589ee75b9df1ab483e619d2a2e555f6878a48007c5a38267c576ef3b056559d5348994427e46690034a59388aeee910f4fa93f671
- SSDEEP
  
  12288:juCJUOVMQGZGlScgjAFai8/6CAYUNifucTSkPjQMS/kkkkkkk:jNJUOVbocgjA58SCAi2jkPh
Score

10^/10

webmonitor backdoor infostealer persistence rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerpersistenceratupx

behavioral2

© 2018-2024

Terms | Privacy