WEBC2-DIV (54be66ea-fd26-4f25-b4af-d10d16fa919f)
The WEBC2 malware family is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags; the backdoor will attempt to interpret the data between the tags as commands. The WEBC2-DIV variant searches for the strings "div safe:" and " balance" to delimit encoded C2 information. If the decoded string begins with the letter "J" the malware will parse additional arguments in the decoded string to specify the sleep interval to use. WEBC2-DIV is capable of downloading a file, downloading and executing a file, or sleeping a specified interval.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
WEBC2-DIV (54be66ea-fd26-4f25-b4af-d10d16fa919f) | Tool | WebC2-DIV (acdda3e5-e776-419b-b060-14f3406de061) | Malpedia | 1 |