General
Target
KR-US FTA CO.jar
Size
378KB
Sample
201016-6j4q7g8wln
MD5
ca07db8fd81eec3d8d99f94e2382ebc7
SHA1
396070d12ecae5027ea9e815426dae7236bd3bc5
SHA256
ccb2826c926e4465ea8ea53563d9308c9847d2ce84b8c82d4d03955a9d25fc51
SHA512
236b5ce706db88ff2910d45cf55050bee569f07a53841225ab84d2130996c78f39fbfa250a3b48ea17bb2d85d4061f1f2456a902ce1325c9477990d8885a0294
Static task
static1
Behavioral task
behavioral1
Sample
KR-US FTA CO.jar
Resource
win7
Behavioral task
behavioral2
Sample
KR-US FTA CO.jar
Resource
win10v200722
Malware Config
Targets
Target
KR-US FTA CO.jar
Score
10/10
Executes dropped EXE
Adds Run key to start application
JavaScript code in executable
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.