General

  • Target

    jre-8u281-windows-x64.exe

  • Size

    79.7MB

  • Sample

    210122-j4x17fr8s2

  • MD5

    c6136758f1fec04a2f7f01249280c315

  • SHA1

    5835e46596fe9f4dfe48fd5dd3947dc650d196ec

  • SHA256

    27fd9a85f2b49ae6a11b15e36ab28c0493d5572357edf2990a65a2b56f1e1157

  • SHA512

    045f33920fb3882d8f24c06e2179934601396636d2ddc360a2a6f03862e40b188506f8da530e4197e4a0e1c79cda48987e810425079377f357fbcf7950c6b030
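Before applying this report's verdict to a file you hold, confirm it is byte-for-byte the same sample. The PowerShell below is an added check, not part of the sandbox report: it compares the four hashes above against a local copy and also reads the file's Authenticode signature, because an identical hash only proves the file is this sample, not that it is a publisher-signed build. The local path `C:\Samples\jre-8u281-windows-x64.exe` is an assumption.

```powershell
# Added example, not part of the sandbox report. Verifies a local copy against
# the hashes listed in the General section and shows who signed it.
# Assumed local path; the hash values are the report's own.
$ExpectedHashes = @{
    MD5    = 'c6136758f1fec04a2f7f01249280c315'
    SHA1   = '5835e46596fe9f4dfe48fd5dd3947dc650d196ec'
    SHA256 = '27fd9a85f2b49ae6a11b15e36ab28c0493d5572357edf2990a65a2b56f1e1157'
    SHA512 = '045f33920fb3882d8f24c06e2179934601396636d2ddc360a2a6f03862e40b188506f8da530e4197e4a0e1c79cda48987e810425079377f357fbcf7950c6b030'
}

function Test-SampleHashes {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [hashtable] $Expected = $ExpectedHashes
    )
    # Get-FileHash returns upper-case hex; normalise before comparing.
    $results = foreach ($algo in $Expected.Keys) {
        $actual = (Get-FileHash -Path $Path -Algorithm $algo).Hash.ToLowerInvariant()
        [pscustomobject]@{
            Algorithm = $algo
            Expected  = $Expected[$algo]
            Actual    = $actual
            Match     = ($actual -eq $Expected[$algo])
        }
    }
    if ($results.Match -contains $false) {
        Write-Warning "$Path is not sample 210122-j4x17fr8s2; this report does not describe it."
    }
    $results
}

function Get-SamplePublisher {
    param([Parameter(Mandatory)] [string] $Path)
    # A matching hash says nothing about origin; the Authenticode chain does.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Status = $sig.Status           # Valid, NotSigned, HashMismatch, ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

$SamplePath = 'C:\Samples\jre-8u281-windows-x64.exe'   # assumed location
Test-SampleHashes  -Path $SamplePath | Format-Table -AutoSize
Get-SamplePublisher -Path $SamplePath | Format-List
```

Treat a hash mismatch as "different file": the behaviours and ATT&CK mappings on this page belong to the sample identified here, not to whatever was downloaded.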

Malware Config

Targets

    • Target

      jre-8u281-windows-x64.exe

    • Size

      79.7MB

    • MD5

      c6136758f1fec04a2f7f01249280c315

    • SHA1

      5835e46596fe9f4dfe48fd5dd3947dc650d196ec

    • SHA256

      27fd9a85f2b49ae6a11b15e36ab28c0493d5572357edf2990a65a2b56f1e1157

    • SHA512

      045f33920fb3882d8f24c06e2179934601396636d2ddc360a2a6f03862e40b188506f8da530e4197e4a0e1c79cda48987e810425079377f357fbcf7950c6b030

    • Registers COM server for autorun

    • Blocklisted process makes network request

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer, or with a modified UPX.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins each time it starts.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                            Count  ID
  Persistence      Registry Run Keys / Startup Folder   1      T1060
  Persistence      Browser Extensions                   1      T1176
  Defense Evasion  Modify Registry                      3      T1112
  Defense Evasion  Install Root Certificate             1      T1130
  Discovery        Query Registry                       2      T1012
  Discovery        Peripheral Device Discovery          1      T1120
  Discovery        System Information Discovery         3      T1082
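The signatures and the Persistence / Defense Evasion rows above point at three host locations: the Run keys (T1060), the Browser Helper Object registrations (T1176) and the machine root certificate store (T1130). The PowerShell below is an added example, not part of the sandbox report and not specific to this sample: it snapshots those locations so a before/after diff on a test VM shows exactly what an installer added. The registry paths are the documented Windows ones; the installer path in the usage comment is an assumption.

```powershell
# Added example, not part of the sandbox report. Snapshots Run keys (T1060),
# Browser Helper Objects (T1176) and the machine root store (T1130) so two
# snapshots can be diffed. Run in an elevated session on an isolated test host.

function Get-RunKeyEntries {
    # 64-bit, 32-bit (WOW6432Node) and current-user Run keys.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # PS* properties are provider metadata; everything else is a value name.
        foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -notlike 'PS*' })) {
            [pscustomobject]@{ Kind = 'RunKey'; Key = $key; Value = $name; Target = $props.$name }
        }
    }
}

function Get-BrowserHelperObjects {
    # BHOs are registered by CLSID; the DLL Internet Explorer loads is the
    # (default) value of that CLSID's InprocServer32 key.
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    $clsidRoots = @('HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID')
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($entry in Get-ChildItem -Path $root) {
            $clsid = $entry.PSChildName
            $dll = foreach ($c in $clsidRoots) {
                $inproc = Join-Path -Path $c -ChildPath "$clsid\InprocServer32"
                if (Test-Path -Path $inproc) { (Get-ItemProperty -Path $inproc).'(default)' }
            }
            [pscustomobject]@{
                Kind   = 'BHO'
                Key    = $entry.Name
                Value  = $clsid
                Target = ($dll | Select-Object -First 1)   # resolved DLL path, if registered
            }
        }
    }
}

function Get-RootStoreEntries {
    # A new entry here changes what every TLS client and code-signing check on the host trusts.
    Get-ChildItem -Path Cert:\LocalMachine\Root | ForEach-Object {
        [pscustomobject]@{ Kind = 'RootCA'; Key = 'Cert:\LocalMachine\Root'; Value = $_.Thumbprint; Target = $_.Subject }
    }
}

function Get-PersistenceSnapshot {
    @(Get-RunKeyEntries) + @(Get-BrowserHelperObjects) + @(Get-RootStoreEntries)
}

# Usage: snapshot, run the installer (assumed path, only inside the test VM),
# snapshot again, and keep only what the second snapshot added.
$before = Get-PersistenceSnapshot
# Start-Process -FilePath 'C:\Samples\jre-8u281-windows-x64.exe' -Wait
$after  = Get-PersistenceSnapshot
Compare-Object -ReferenceObject $before -DifferenceObject $after -Property Kind, Key, Value, Target |
    Where-Object SideIndicator -eq '=>' |
    Select-Object Kind, Key, Value, Target |
    Format-Table -AutoSize
```

Each added row is one artifact to judge: a Run-key entry or BHO resolving to a DLL under the installer's own directory is the expected shape for an installer, while a new root CA is the finding to examine first, since T1130 affects trust decisions host-wide rather than only the installed product.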

Tasks