webmonitor | 3a161baa6ade1fd9b3430a4a828956473e7c91f6d9e05a448452136d99095aac | Triage

Submit
Reports

Overview

overview

Static

static

3

df280dda64...18.exe

windows7-x64

df280dda64...18.exe

windows10-2004-x64

Sharing

General

Target

df280dda64ba0e93d9e80779eb9b2491_JaffaCakes118
Size

694KB
Sample

240914-an6weaxfqb
MD5

df280dda64ba0e93d9e80779eb9b2491
SHA1

30cb99df159bb60b3a9356b0f626deb0c95d56e1
SHA256

3a161baa6ade1fd9b3430a4a828956473e7c91f6d9e05a448452136d99095aac
SHA512

c48c57d07025b2342dedc715d35b3b7e3ccf4e3f3abafc81469c0c217c0f7df1b1d3a940ab8a98a1152b6edd2dcd4ae94f83d118467d92a69d26e66cf6e063fa
SSDEEP

12288:3LCwk7wqtnzX57EMgGMr+k0di2qP2WeR3PYeXuQViooshf:3LCwk7wqxx7JUvPxuPxuwHLh

Score

10^/10

webmonitor backdoor discovery infostealer persistence rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

df280dda64ba0e93d9e80779eb9b2491_JaffaCakes118.exe

Resource

win7-20240903-en

webmonitor backdoor discovery infostealer persistence rat upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

df280dda64ba0e93d9e80779eb9b2491_JaffaCakes118.exe

Resource

win10v2004-20240910-en

webmonitor backdoor discovery infostealer rat upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

webmonitor

C2

vit0x.wm01.to:443

Attributes

config_key
sfh0MavnyDfXzTlYYGRziPhnyIYnjr6k
private_key
pjaH84P73
url_path
/recv5.php

Targets

- Target
  
  df280dda64ba0e93d9e80779eb9b2491_JaffaCakes118
- Size
  
  694KB
- MD5
  
  df280dda64ba0e93d9e80779eb9b2491
- SHA1
  
  30cb99df159bb60b3a9356b0f626deb0c95d56e1
- SHA256
  
  3a161baa6ade1fd9b3430a4a828956473e7c91f6d9e05a448452136d99095aac
- SHA512
  
  c48c57d07025b2342dedc715d35b3b7e3ccf4e3f3abafc81469c0c217c0f7df1b1d3a940ab8a98a1152b6edd2dcd4ae94f83d118467d92a69d26e66cf6e063fa
- SSDEEP
  
  12288:3LCwk7wqtnzX57EMgGMr+k0di2qP2WeR3PYeXuQViooshf:3LCwk7wqxx7JUvPxuPxuwHLh
Score

10^/10

webmonitor backdoor discovery infostealer persistence rat upx
- RevcodeRat, WebMonitorRat
  WebMonitor is a remote access tool that you can use from any browser access to control, and monitor your phones, or PCs.
  backdoor rat infostealer webmonitor
- WebMonitor payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

webmonitorbackdoordiscoveryinfostealerpersistenceratupx

behavioral2

webmonitorbackdoordiscoveryinfostealerratupx

© 2018-2024

Terms | Privacy