General
- Target: Jeqon Original.bat.zip
- Size: 7KB
- Sample: 201211-ymjx35b2kn
- MD5: 27a38674463492be7f0bd6c5d0c9ae56
- SHA1: e7527c0b7ea8a939ab9daa39015c5dd957adb04c
- SHA256: 39941719b8830c9f6f023a105c994b10bd2063c0df4504b01ced0a9d2050256b
- SHA512: 9b46a24d35aa2e38298cce9f360d8868a195ca9880ff0003feabb112e573900e4c237710406894ae60c64f007319decf3a6a7a5a99c33aca59a7e5665d6e629a
Static task: static1
Behavioral task: behavioral1
  Sample: Jeqon Original.bat
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Jeqon Original.bat
  Resource: win10v20201028
Malware Config
Extracted
https://findqualityparts.com/kr44dt.zip
https://saelectronicstrading.com/dekkp2ciq.zip
http://loftkultur.binkhalidinternational.com/hh7lww450.zip
http://excursoesdeinhamais.resultaweb.com.br/edyk3dbr.zip
http://vibeautospa.com/xm9d9i.zip
https://greeninvestconsulting.com/c51qtl1uf.zip
https://owl-squad.com/icg2mmdqx.zip
Extracted
https://cutt.ly/phEd17l
Extracted
http://185.189.58.222/bamm.exe
Extracted
dridex
10555
104.131.164.93:443
46.101.90.205:4643
27.254.174.84:4443
92.94.251.127:3786
Targets
- Target: Jeqon Original.bat
- Size: 22KB
- MD5: f57f31e108400b750a51bcf9558224b3
- SHA1: 89c501e3682a9a67c0a4c10bd7bb3ab5c1bbe6c1
- SHA256: fb4eaf0f3a0829e333be1d7cff359ef895bf3926b835302e32827e2a7ef8d2ef
- SHA512: c442f8278a090cfe1271c84ae6d47d3beea4c3fdc84eac30bcb6ee8052f51e95afb8c715b0c6c255556f2c1a67e436adb50bfcb67ad52115affa5394203a3fd7
- Modifies system executable filetype association
- Modifies boot configuration data using bcdedit
- Blocklisted process makes network request
- Disables Task Manager via registry modification
- Stops running service(s)
- Loads dropped DLL
- Modifies file permissions
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Use of msiexec (install) with remote resource
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Matrix (ATT&CK v6)
Persistence
- Change Default File Association: 1
- Modify Existing Service: 1
- Registry Run Keys / Startup Folder: 1
- Scheduled Task: 1