General

Target: DHL Notification DHL_AWB_0011179303.jar
Size: 75KB
Sample: 201019-vy4sv9j89n
MD5: 5492176123097b367c4c36908a67730e
SHA1: 919867accf22f1ae7bd332690b5c16f7a57f2c68
SHA256: 113dd566f2ac95687d7bc63b9d45bfa754d2ebd2c923665eed27284d17089a50
SHA512: cc8443b2638976f3905be6fa2d14edb17a4b5cdb4274180c90e19732a52825e0601e5767ce21dd9181d07183e8daae8ca850cb0a191ade88d0393d494b1519e1
Static task: static1

Behavioral task: behavioral1
  Sample: DHL Notification DHL_AWB_0011179303.jar
  Resource: win7v200722

Behavioral task: behavioral2
  Sample: DHL Notification DHL_AWB_0011179303.jar
  Resource: win10v200722
Malware Config

Targets

Target: DHL Notification DHL_AWB_0011179303.jar
Score: 10/10

- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.