WEBC2-ADSPACE (2d8043b4-48ef-4992-a04a-c342cbbb4f87)

A WEBC2 backdoor is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags; the backdoor will attempt to interpret the data between the tags as commands. This family of malware is capable of downloading and executing a file. All variants represented here are the same file with different MD5 signatures. This malware attempts to contact its C2 once a week (Thursday at 10:00 AM). It looks for commands inside a set of HTML tags, part of which appears in the File Strings indicator term below.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| WebC2-AdSpace (e57c677f-0117-4e23-8c3f-a772ed809f4c) | Malpedia | WEBC2-ADSPACE (2d8043b4-48ef-4992-a04a-c342cbbb4f87) | Tool | 1 |