Analysis
-
max time kernel
88s -
max time network
137s -
platform
windows10_x64 -
resource
win10 -
submitted
09-07-2020 06:48
Static task
static1
Behavioral task
behavioral1
Sample
394-20200707-10-STRONGAS.jar
Resource
win7v200430
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
394-20200707-10-STRONGAS.jar
Resource
win10
windows10_x64
0 signatures
0 seconds
General
-
Target
394-20200707-10-STRONGAS.jar
-
Size
426KB
-
MD5
f7d2e3baf446952c84c783d8dcb4ffb8
-
SHA1
ed5ae96da0f0a2a7f5ec6bd76de124b494f6f09f
-
SHA256
e2e7bb79269c7b3367b4ea7f96587a9bfc501d88b446181d13070788ba9bf543
-
SHA512
e7f34108476bd26e45aa88574e69922ddb5a83b6149a69b513b8321f739bae330665f737bd5702d4a16878eed86903e641535ed86f47c5d3f9818e933c4f8d44
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 2 IoCs
Processes:
java.exepid process 4092 java.exe 4092 java.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 14 bot.whatismyipaddress.com