PAYMENT_119091031_JFR.jar

General

Target: PAYMENT_119091031_JFR.jar
Filesize: 426KB
Completed: 06-04-2020 18:37
Score: 7/10
MD5: 27a541da018bec205bec18d5aa85978c
SHA1: 78bbe6410bcb92dba2787f2c3d29c0f7db810b16
SHA256: f4b5451809e69cc848d835a918c59bb79d449a11daed519743fedb5545127c74

Malware Config
Signatures 2

  • Loads dropped DLL
    java.exe

    Reported IOCs

    PID   Process
    3896  java.exe

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

    Reported IOCs

    Flow  IOC
    12    bot.whatismyipaddress.com
Processes 1
  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\PAYMENT_119091031_JFR.jar
    Loads dropped DLL
    PID:3896
Network
MITRE ATT&CK Matrix
Downloads
  • \Users\Admin\AppData\Local\Temp\jna-63116079\jna6210709186133255166.dll