0457a19a7b2492a8d0005db314420c11b6ce6ef096f92fe7811a81a870c7bb67 | Triage

Sharing

General

Target

394-20200713-10-PHARMA.jar
Size

466KB
Sample

200713-8zjtgf126s
MD5

94520f0eb2b8f10ccbbebcb1df95c07e
SHA1

8a56cc29626f8b53749eaefb3d1d825eb42bf767
SHA256

0457a19a7b2492a8d0005db314420c11b6ce6ef096f92fe7811a81a870c7bb67
SHA512

ebf6e4fb00dbcda7e5ff3c3b268335f04462e2e0ff6ee5ffbebff59eb5391f7d009343ee9b44f9728d5a4e2f3a0a1a8bddb0ac833918d6d8a4992fb3a356c580

Score

7^/10

spyware

Malware Config

Targets

- Target
  
  394-20200713-10-PHARMA.jar
- Size
  
  466KB
- MD5
  
  94520f0eb2b8f10ccbbebcb1df95c07e
- SHA1
  
  8a56cc29626f8b53749eaefb3d1d825eb42bf767
- SHA256
  
  0457a19a7b2492a8d0005db314420c11b6ce6ef096f92fe7811a81a870c7bb67
- SHA512
  
  ebf6e4fb00dbcda7e5ff3c3b268335f04462e2e0ff6ee5ffbebff59eb5391f7d009343ee9b44f9728d5a4e2f3a0a1a8bddb0ac833918d6d8a4992fb3a356c580
Score

7^/10

spyware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2