General
- Target: cdab5970c5e3d12116faceea2b0b7ed9_JaffaCakes118
- Size: 811KB
- Sample: 240831-1s2elaxeqa
- MD5: cdab5970c5e3d12116faceea2b0b7ed9
- SHA1: 6b13121ed24e1952b8ceecab0a2cc95ed4182c41
- SHA256: 8a3c1ca12b7f67078c31a08b66d0c126d55177da3dc42cdf2f80a593ab9548d8
- SHA512: 21f0fa1eb0bdf5a200f2ecf9731f97f139884491f34f9088b3c54fbb529d7558763161e63ad19a50436479fbdcad49592455ef629fcb4f34b4a53e63a3c63a6b
- SSDEEP: 12288:54P00EVz7GYFuzIuZrpG0NHlq4duP2oWC8V1xEZyQeURSx8sWDF:54M0KPGYA8uZ40NFqL2oWNV1xyyhYs0
Static task: static1
Behavioral task: behavioral1
- Sample: cdab5970c5e3d12116faceea2b0b7ed9_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: cdab5970c5e3d12116faceea2b0b7ed9_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted
- Family: webmonitor
- C2: arglobal.wm01.to:443
- config_key: ziKbg2IBpBxL34Yr4SWnQnV4SqpF6Yy4
- private_key: X2HBeL4iM
- url_path: /recv4.php
Targets
- Target: cdab5970c5e3d12116faceea2b0b7ed9_JaffaCakes118
- Size: 811KB
- MD5: cdab5970c5e3d12116faceea2b0b7ed9
- SHA1: 6b13121ed24e1952b8ceecab0a2cc95ed4182c41
- SHA256: 8a3c1ca12b7f67078c31a08b66d0c126d55177da3dc42cdf2f80a593ab9548d8
- SHA512: 21f0fa1eb0bdf5a200f2ecf9731f97f139884491f34f9088b3c54fbb529d7558763161e63ad19a50436479fbdcad49592455ef629fcb4f34b4a53e63a3c63a6b
- SSDEEP: 12288:54P00EVz7GYFuzIuZrpG0NHlq4duP2oWC8V1xEZyQeURSx8sWDF:54M0KPGYA8uZ40NFqL2oWNV1xyyhYs0
Score: 10/10
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that can be used from any browser to control and monitor phones or PCs.
- WebMonitor payload
- Drops startup file
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext