Analysis
  Max time kernel:  129s
  Max time network: 55s
  Platform:         windows10_x64
  Resource:         win10v200430
  Submitted:        10-07-2020 07:23

  Static task static1
  Behavioral task behavioral1: sample 3ed6c63f4c06dbeedb1d49f943ee4215.jar, resource win7
  Behavioral task behavioral2: sample 3ed6c63f4c06dbeedb1d49f943ee4215.jar, resource win10v200430

General
  Target: 3ed6c63f4c06dbeedb1d49f943ee4215.jar
  Size:   437KB
  MD5:    3ed6c63f4c06dbeedb1d49f943ee4215
  SHA1:   6ae2a4d5fa0a62203607dc339ceae9a7eb332abf
  SHA256: b8eaca0905fc46ad6f69320954a0ec35fcd571fc829ed264a908c7aaa2b4eb92
  SHA512: 2af56f592554ab710b1f02b2390e5585be6f9723a79f2161a9323cfe9ea8739bf5d2b227c78570c1249f8fca9f7877674d2a133699709e21c072779a72713f34
Malware Config
  (no entries)

Signatures
  Reads user/profile data of web browsers (2 TTPs)
    Infostealers often target stored browser data, which can include saved credentials, cookies and form data.

  Looks up external IP address via web service (1 IoC)
    Uses a legitimate IP lookup service to find the infected system's external IP.
    Network flows:
      Flow  IoC
      15    bot.whatismyipaddress.com

  Loads dropped DLL (2 IoCs)
    Processes:
      PID   Process
      1612  java.exe
      1612  java.exe
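Added example, not part of the sandbox report: detection logic for the two IoC-bearing signatures above ("Looks up external IP address via web service" and "Loads dropped DLL"), run over constructed Sysmon-style events. The only values taken from the report are the host bot.whatismyipaddress.com and the process java.exe with pid 1612; every path, other pid and other hostname is made up, the list of additional IP-lookup domains, the trusted DLL roots and the inclusion of javaw.exe are assumptions, and the pipe-delimited event format is a convenience for the example rather than any real tool's output.

```python
"""Toy detection rules for two sandbox signatures, applied to constructed events.

Rule 1: a DNS query to a public "what is my IP" service.
Rule 2: the JVM loading a DLL from a path outside the usual installed roots,
        i.e. a DLL that was most likely dropped at run time.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# The first domain is the report's IoC; the others are well-known lookup
# services added as an assumption, not taken from the report.
IP_LOOKUP_DOMAINS = (
    "whatismyipaddress.com",
    "ipify.org",
    "icanhazip.com",
    "checkip.amazonaws.com",
    "ifconfig.me",
)

# Roots under which a DLL loaded by the JVM counts as installed rather than
# dropped. Heuristic assumption for the example, not a statement about the sample.
TRUSTED_DLL_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Processes whose DLL loads are inspected (javaw.exe added as an assumption).
JVM_IMAGES = {"java.exe", "javaw.exe"}


@dataclass(frozen=True)
class Alert:
    rule: str
    pid: int
    detail: str


def parse_event(line: str) -> Dict[str, str]:
    """Parse a pipe-delimited key=value line (constructed format) into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def matches_lookup_domain(qname: str) -> bool:
    """True if the queried name is one of the lookup domains or a subdomain of one."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in IP_LOOKUP_DOMAINS)


def is_dropped_dll(path: str) -> bool:
    """A DLL loaded from outside the trusted roots is treated as dropped."""
    p = path.lower()
    return p.endswith(".dll") and not p.startswith(TRUSTED_DLL_ROOTS)


def check_event(ev: Dict[str, str]) -> List[Alert]:
    """Apply both rules to one parsed event; return zero or more alerts."""
    alerts = []
    pid = int(ev.get("ProcessId", "0"))
    # Sysmon EventID 22 = DNS query
    if ev.get("EventID") == "22" and matches_lookup_domain(ev.get("QueryName", "")):
        alerts.append(Alert("external_ip_lookup", pid, ev["QueryName"]))
    # Sysmon EventID 7 = image (DLL) load
    if (ev.get("EventID") == "7"
            and basename(ev.get("Image", "")) in JVM_IMAGES
            and is_dropped_dll(ev.get("ImageLoaded", ""))):
        alerts.append(Alert("jvm_loads_dropped_dll", pid, ev["ImageLoaded"]))
    return alerts


def scan(lines: Iterable[str]) -> List[Alert]:
    return [a for line in lines for a in check_event(parse_event(line))]


# Constructed events. Only pid 1612 / java.exe and the first QueryName come
# from the report; the install path, the victim user and the DLL names are invented.
JAVA = "C:\\Program Files\\Java\\jre\\bin\\java.exe"
SAMPLE_EVENTS = [
    f"EventID=22|ProcessId=1612|Image={JAVA}|QueryName=bot.whatismyipaddress.com",
    "EventID=22|ProcessId=4021|Image=C:\\Windows\\explorer.exe|QueryName=www.example.com",
    f"EventID=7|ProcessId=1612|Image={JAVA}|ImageLoaded=C:\\Users\\victim\\AppData\\Local\\Temp\\native1.dll",
    f"EventID=7|ProcessId=1612|Image={JAVA}|ImageLoaded=C:\\Users\\victim\\AppData\\Local\\Temp\\native2.dll",
    f"EventID=7|ProcessId=1612|Image={JAVA}|ImageLoaded=C:\\Windows\\System32\\kernel32.dll",
    "EventID=7|ProcessId=4021|Image=C:\\Windows\\explorer.exe|ImageLoaded=C:\\Users\\victim\\AppData\\Local\\Temp\\other.dll",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Run on the constructed events, the scan yields one external_ip_lookup alert and two jvm_loads_dropped_dll alerts, all for pid 1612, which mirrors the "1 IoC" and "2 IoCs" counts in the report; the kernel32.dll load is ignored because it comes from a trusted root, and the explorer.exe temp-DLL load is ignored because the second rule is scoped to the JVM.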