webmonitor | 9b3e13d32754c9ef22703d119dd1f6d6c696e7b70c0ee8321dbc23aa9f7aecde | Triage

Submit
Reports

Overview

overview

Static

static

3

ad9f7de268...18.exe

windows7-x64

ad9f7de268...18.exe

windows10-2004-x64

Sharing

General

Target

ad9f7de2681a1840052744584576195c_JaffaCakes118
Size

669KB
Sample

240615-ksjxjsxhrk
MD5

ad9f7de2681a1840052744584576195c
SHA1

2eb76d600e532e800a4339c27f50b7e084c72ab3
SHA256

9b3e13d32754c9ef22703d119dd1f6d6c696e7b70c0ee8321dbc23aa9f7aecde
SHA512

3c96f0f291ed9174f76677a3c77f60553f6654fae4464c02696afaf058398030d510953a7e65d4e716d3cbb2e86e4b9abe02e8f674a93fdb0e435ab6f98f4691
SSDEEP

12288:JWtA47mU+emU+s35pm2WSMWPNkotsHjmTIsR5aviD:J9EmU3mULppm7SXPNkUsDmQaD

Score

10^/10

webmonitor backdoor infostealer rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ad9f7de2681a1840052744584576195c_JaffaCakes118.exe

Resource

win7-20240611-en

webmonitor backdoor infostealer rat upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ad9f7de2681a1840052744584576195c_JaffaCakes118.exe

Resource

win10v2004-20240508-en

webmonitor backdoor infostealer rat upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

webmonitor

C2

arglobal.wm01.to:443

Attributes

config_key
ziKbg2IBpBxL34Yr4SWnQnV4SqpF6Yy4
private_key
X2HBeL4iM
url_path
/recv4.php

Targets

- Target
  
  ad9f7de2681a1840052744584576195c_JaffaCakes118
- Size
  
  669KB
- MD5
  
  ad9f7de2681a1840052744584576195c
- SHA1
  
  2eb76d600e532e800a4339c27f50b7e084c72ab3
- SHA256
  
  9b3e13d32754c9ef22703d119dd1f6d6c696e7b70c0ee8321dbc23aa9f7aecde
- SHA512
  
  3c96f0f291ed9174f76677a3c77f60553f6654fae4464c02696afaf058398030d510953a7e65d4e716d3cbb2e86e4b9abe02e8f674a93fdb0e435ab6f98f4691
- SSDEEP
  
  12288:JWtA47mU+emU+s35pm2WSMWPNkotsHjmTIsR5aviD:J9EmU3mULppm7SXPNkUsDmQaD
Score

10^/10

webmonitor backdoor infostealer rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- Drops startup file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

webmonitorbackdoorinfostealerratupx

behavioral2

webmonitorbackdoorinfostealerratupx

© 2018-2024

Terms | Privacy