General

  • Target

    Payment Advice Note from_ 2021 05 04.jar

  • Size

    89KB

  • Sample

    210504-91nf3tdjen

  • MD5

    e524d36781eefc64e378408e3aa65c4a

  • SHA1

    8f25c43bad573152028d7f2951e79dd8f16b2b4e

  • SHA256

    67b062361c13e5ba96731b6f43be5dff4f41f0c2d333637fd0ff572e312f8670

  • SHA512

    400c36654f5fd8b02f198335c2a6e333b599a29c44ddd7006cd53ddd622935ea0f7d0547a4e01bc25c5eb104b83d817582504ddf51552659fab26544c512e772

Score
7/10

Malware Config

Targets

    • Target

      Payment Advice Note from_ 2021 05 04.jar


    Score
    7/10

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

    Tactic                 Technique                              ID       #
    Execution              Scheduled Task                         T1053    1
    Persistence            Registry Run Keys / Startup Folder     T1060    1
    Persistence            Scheduled Task                         T1053    1
    Privilege Escalation   Scheduled Task                         T1053    1
    Defense Evasion        Modify Registry                        T1112    1

Tasks