General
-
Target
Scanned from a Xerox Multifunction Printer.jar
-
Size
79KB
-
Sample
201027-4vdwl68hce
-
MD5
7dba8420e5d72c58298108bb85e0eb96
-
SHA1
0f54ab5e95fa9639b1262ef8b39d2e2d49d6e467
-
SHA256
712889ab26a68bc90c620870eb8e3f5be8f46cdde742ebc63d6e891ca63b04a5
-
SHA512
6f7db07f9332cd77a07a857ea88de507ff8243f6c11f267a3b7a7b07ab9c42775db05dc1f6f12e7c367f92ce43adc5ff2927f940a6580f52e5420402c1bc93ae
Static task
static1
Behavioral task
behavioral1
Sample
Scanned from a Xerox Multifunction Printer.jar
Resource
win7
Behavioral task
behavioral2
Sample
Scanned from a Xerox Multifunction Printer.jar
Resource
win10
Malware Config
Targets
-
-
Target
Scanned from a Xerox Multifunction Printer.jar
-
Score
10/10
-
Executes dropped EXE
-
Adds Run key to start application
-
JavaScript code in executable
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-