Overview

overview

7

Static

static

394-202007...MA.jar

windows7_x64

1

394-202007...MA.jar

windows10_x64

7

Analysis

  • max time kernel
    131s
  • max time network
    133s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    13-07-2020 05:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    394-20200713-10-PHARMA.jar

  • Size

    466KB

  • MD5

    94520f0eb2b8f10ccbbebcb1df95c07e

  • SHA1

    8a56cc29626f8b53749eaefb3d1d825eb42bf767

  • SHA256

    0457a19a7b2492a8d0005db314420c11b6ce6ef096f92fe7811a81a870c7bb67

  • SHA512

    ebf6e4fb00dbcda7e5ff3c3b268335f04462e2e0ff6ee5ffbebff59eb5391f7d009343ee9b44f9728d5a4e2f3a0a1a8bddb0ac833918d6d8a4992fb3a356c580

Score
7/10
spyware

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\394-20200713-10-PHARMA.jar
    1⤵
    • Loads dropped DLL
    PID:2920

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\jna-63116079\jna3756230935495984584.dll
    Download Submit

  • \Users\Admin\AppData\Local\Temp\sqlite-3.8.11.2-609090b7-9fb2-4b65-8343-459f57596b47-sqlitejdbc.dll
    Download Submit