General
Target: DHL_10090AWB_09800123_RECIEPT00097.jar
Size: 67KB
Sample: 201026-xvnqp8g5cs
MD5: 6537cf38f55f14c495f66cc0589a37f4
SHA1: 221ce81e11da1b315e858a441b728c56d52e33fd
SHA256: 3d9145b3312989c4484d9f7d8baa1f0c05a55126f2a5443e91ddd4ada9dcb3ba
SHA512: dfc73eb9bb954ec8ba7954ca2a7e92f4f0c551fd3abce5bec65e408c0554f0fb1db8dd49cec3d96b7c97d3f321f78f78d97bb23da0902cbebe008f18b0ccd86f
Static task: static1
Behavioral task: behavioral1
Sample: DHL_10090AWB_09800123_RECIEPT00097.jar
Resource: win7
Behavioral task: behavioral2
Sample: DHL_10090AWB_09800123_RECIEPT00097.jar
Resource: win10
Malware Config
Targets
Target
DHL_10090AWB_09800123_RECIEPT00097.jar
Score: 10/10
- Executes dropped EXE
- Adds Run key to start application
- JavaScript code in executable
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.