PAYMENT_119091031_JFR.jar
General
Target: PAYMENT_119091031_JFR.jar
Filesize: 426KB
Completed: 06-04-2020 18:37
Score: 7/10
MD5: 27a541da018bec205bec18d5aa85978c
SHA1: 78bbe6410bcb92dba2787f2c3d29c0f7db810b16
SHA256: f4b5451809e69cc848d835a918c59bb79d449a11daed519743fedb5545127c74
Malware Config
Signatures 2
Loads dropped DLL (java.exe)
Reported IOCs
pid: 3896, process: java.exe
Looks up external IP address via web service
Description
Uses a legitimate IP lookup service to find the infected system's external IP.
Reported IOCs
flow: 12, ioc: bot.whatismyipaddress.com
Processes 1
C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\PAYMENT_119091031_JFR.jar
Loads dropped DLL
Network
Downloads
\Users\Admin\AppData\Local\Temp\jna-63116079\jna6210709186133255166.dll