General

Target: Parcel Delivery Note.jar
Size: 77KB
Sample: 201023-axtwzp2bte
MD5: 0d96c82bc640a7304649e294a69b9263
SHA1: 2a611f879a6e4fa4bf7997392b8735ff6d752c1e
SHA256: 2a668c8e9f7e67de0b3bb60b71eb701884c98545d2e5b87e4aa97272847bb563
SHA512: 487a6b6c4142d154030b26a25a8ae43876f7cde9de3465bae3ab95de00920e958c2ff78e6923cca35e9e06dbf1731f980e039bcb26553a4e950f8e621f1be6ed
Static task: static1
Behavioral task: behavioral1 (Sample: Parcel Delivery Note.jar; Resource: win7)
Behavioral task: behavioral2 (Sample: Parcel Delivery Note.jar; Resource: win10)
Malware Config

Targets

Target: Parcel Delivery Note.jar
Score: 10/10

- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar sensitive data.
- Adds Run key to start application
- JavaScript code in executable
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.