610bce46162ef33ab1af1e3962e720374f3505064de9fd92c9ed9f1f0b2c8e91 | Triage

Sharing

General

Target

DHL SHIPPING DOCUMENT.jar
Size

103KB
Sample

210420-bzwerztn4n
MD5

20e131d47d02df6ee39aef32a059b841
SHA1

7a015f20fd4249787ea9c0593f786837913e340e
SHA256

610bce46162ef33ab1af1e3962e720374f3505064de9fd92c9ed9f1f0b2c8e91
SHA512

fd91579f9485d2cc3c579783300149a5ff2ab0b68218de3c9852a63a45127f4bb3073d1b6d0d113344d1db5abea985e5eca7c66d4fb091ad96f13e9271dbb621

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  DHL SHIPPING DOCUMENT.jar
- Size
  
  103KB
- MD5
  
  20e131d47d02df6ee39aef32a059b841
- SHA1
  
  7a015f20fd4249787ea9c0593f786837913e340e
- SHA256
  
  610bce46162ef33ab1af1e3962e720374f3505064de9fd92c9ed9f1f0b2c8e91
- SHA512
  
  fd91579f9485d2cc3c579783300149a5ff2ab0b68218de3c9852a63a45127f4bb3073d1b6d0d113344d1db5abea985e5eca7c66d4fb091ad96f13e9271dbb621
Score

7^/10

persistence
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2