17b0474ba20af91e63d44b7ad7543d8a55938ffc14cfb46722180c90e33c891c

Sharing

Copy URL

Twitter E-mail

General

Target

17b0474ba20af91e63d44b7ad7543d8a55938ffc14cfb46722180c90e33c891c
Size

86KB
Sample

220816-dh98esdha6
MD5

a342c6af258de04c58de638d2a9058f9
SHA1

84d93d7e9861f47a73028f41e8c61188edd11662
SHA256

17b0474ba20af91e63d44b7ad7543d8a55938ffc14cfb46722180c90e33c891c
SHA512

6b16db1d2f0aed38fb1732267764ce22f2f66bea8624033621870e156de3e7007cd2fd7f8991d3c561d8e0607394037d1897cd191e2f5aa3fe604b2202a53da5

Score

7^/10

linux

Malware Config

Targets

- Target
  
  jetbra/?????????????????.html
- Size
  
  367B
- MD5
  
  d400de475a63d3460710008e4765d621
- SHA1
  
  f738e1f0208d29cfbb26b2dcc9d29df71274fbd5
- SHA256
  
  eea6292e6d86c4fe93b03a9d88caae9fbf277ead426187ba72ae92d25770c10a
- SHA512
  
  e5ef1efa1cd82992be90d82722249aee83eea8e08d5555459cd3a53f98575298739f8723690311603993ab53d3ca041a4aea0b64a1b1a9c9ad8b038a44adb3e1
Score

5^/10
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  jetbra/ja-netfilter.jar
- Size
  
  47KB
- MD5
  
  2fa1b1364515dce93eb67c423b570deb
- SHA1
  
  2a723c2ef30be4a5c167c6639bf9ec0b9c7e7ca2
- SHA256
  
  3acc4e9d91793f6909458a4761b75b6da45c8868e75dca33c9fec63659202995
- SHA512
  
  0b6cf7caf6d48419251d0aa1ccf280536eb20b1f108f874a9ce86943601c2317833031578fc869366e3bc40dedfabfd64527598ea63b879bc77f82a9a218766b
Score

1^/10
behavioral3 behavioral4
- Target
  
  jetbra/plugins-jetbrains/dns.jar
- Size
  
  4KB
- MD5
  
  4f3c516c1704a5569725246d57dd1ae7
- SHA1
  
  4e8693b5a7a3837cf7f6db0c4f1316f376d34721
- SHA256
  
  d1150b1831b112b93d74a34a10ce6c11606e0d2255d532c29f91f1d92b40a552
- SHA512
  
  f885fc751e9035944489578bb037f05521c6258c377c0c7bf8b8d10b799063e6e529c715ecebf9729724f0497f588803d7d463fbb70f5efbd73952624f60d08e
Score

1^/10
behavioral5 behavioral6
- Target
  
  jetbra/plugins-jetbrains/hideme.jar
- Size
  
  7KB
- MD5
  
  cdab6a30b0949a741f13935f5483c303
- SHA1
  
  729d00e4fa04ca49c00b5b6aa60706dfadd5644e
- SHA256
  
  fa14c735ab9fed3f3a5df0dc78a5d38ae0a146099ddc858197e9f528bd996c40
- SHA512
  
  bf155c0b062fe9c7c237f9b0329a155387b7294fae7c7ed73e41e9528f119ccc513855329f6e91e62106b589c8b215d981ed11f2f89c7e13c06fbdcf7d6d1ee8
Score

1^/10
behavioral7 behavioral8
- Target
  
  jetbra/plugins-jetbrains/power.jar
- Size
  
  9KB
- MD5
  
  d8711b73bc0507dbdc841b098af99787
- SHA1
  
  26ee7577969265ff77a7fd786bcb707fe21a3d6b
- SHA256
  
  7819e5b968ce5ea2e638e53d84089d35e89e9ea3088f18f8dbf6dd38d14ab25a
- SHA512
  
  dde478c503a5fbd17fd3cdac67d379abdb392d9edadc37feeafc3572f44044674af2f16e33b7c201fcb52e0d4eeb635fd53843b58700986aa380191aca6cc843
Score

1^/10
behavioral9 behavioral10
- Target
  
  jetbra/plugins-jetbrains/url.jar
- Size
  
  4KB
- MD5
  
  6b181e5b8255db4cd9beb1c6af5f420e
- SHA1
  
  b1bebbee8d98218db5794f596001b8b7427ae0c7
- SHA256
  
  ce5a83aee31153cca30274ac94467b316edea8cb28acf72f52f5a72d455b1b43
- SHA512
  
  26dabc145da4a987744ab86d600ab81482771fb8fc99933828104d4698f4dc407eb97281a36f01d5852fc2209d0092f10b7d23d62db8f7e456f8d2d0a108ce7a
Score

1^/10
behavioral11 behavioral12
- Target
  
  jetbra/scripts/install-all-users.vbs
- Size
  
  2KB
- MD5
  
  7bd1e1b7aa11ad5a13a6ec23b8afb549
- SHA1
  
  46194b9c7ac66a5446afbcf172ffd7743b53da44
- SHA256
  
  26a6ab6fa87ade5e2384bd539bcd8f01e9400b3ab636de9843c92b8099c96493
- SHA512
  
  230868a57888e897886efb11c32d6c8c79f9ae1bbca4637a4d78d8ad148348bfceff9b7e41106c5281d550d27ed5158ad9faf0cd2df75d7085277bae08061e5c
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  jetbra/scripts/install-current-user.vbs
- Size
  
  1KB
- MD5
  
  939e91d84a77bdb062f768abd336c336
- SHA1
  
  6825df9e07cf9febf0f9d2ff812fdc261f7ba72c
- SHA256
  
  4ed1b665c259991966001d048818a64cd7f3202faf0346c414a6d18c3be2ace0
- SHA512
  
  52dcde5bbc8af2cf80f41e4a1495b55829fa8ebad7c27983d0d30cde1c80d55b9bac26c3055089312650095c4e40890d3d974b4756ddabb93e48ae412e6f0a10
Score

1^/10
behavioral15 behavioral16
- Target
  
  jetbra/scripts/install.sh
- Size
  
  3KB
- MD5
  
  4f86ad982a9cdf710d297f30a1c35d3e
- SHA1
  
  32eb21a4fd2a0ae3ead868dd550d30b64409a883
- SHA256
  
  ff7b76ed04b0ca7e42b380fd3426b4ea14dd1e6fd39154fcd32ef9e11907478f
- SHA512
  
  99a8eacfe80870912a334804ccfcdba1f13a0a5a78f6e4325d124aaf0a1b0352f47fb0144f68003670acb4565ea694f550608fc7343668a2a3d819c03e3e1802
Score

5^/10
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  jetbra/scripts/uninstall-all-users.vbs
- Size
  
  1KB
- MD5
  
  f8ea54322d35bce7f93af2b993a73d7e
- SHA1
  
  e8ec2bd8883202b9e44783ca7b5831c0df35d4db
- SHA256
  
  11811f0c25f30336a0c835dad7e30e7c9810392d207540c847da0e1b7c06ce72
- SHA512
  
  29acd1cbcb0885e9f7bdfd6659b0f7e6d812216c257fe72dace2cdebe9073a6850800cccf7e24d5602beacc6be98f3f63cb9edb173725b10fb9d225b85aa7742
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral21 behavioral22
- Target
  
  jetbra/scripts/uninstall-current-user.vbs
- Size
  
  749B
- MD5
  
  cc38dddf872cc8d42ed2544f3c913f60
- SHA1
  
  f3a9237f31085c7945e41930eb11ac5c86abfc4d
- SHA256
  
  2f9a8e832664bacd9ca9bd3504a0df4e8b6abce9fa153f22c0bbf8192d114fb6
- SHA512
  
  caf882ef13095c63035a9a41e3f909b66a983f5678edf1d4d124bc20a7fce24079a701e13b2970b0c8d8bfd313b5e71de58b62845564b84193dfef9a54129b0f
Score

1^/10
behavioral23 behavioral24
- Target
  
  jetbra/scripts/uninstall.sh
- Size
  
  1KB
- MD5
  
  f8d12ad74edc1df03c1d71e723cf7317
- SHA1
  
  437f66132747f12edaa30d81052b08f8ce99e7ed
- SHA256
  
  ec93dfcdf02f00f21bff552e3ee6899850877a8cc7dd08033d474050ac67a956
- SHA512
  
  5c46956b4497856e881b27aaa2f3306fa7922af180b52aacd1cc4f7881b5ee05d22d02688079cae836d588aacf6592dc2cbcad08fa03925302d20317034031c0
Score

5^/10
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral25 behavioral26 behavioral27 behavioral28

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in System32 directory

Checks computer location settings

Reads runtime system information

Writes file to tmp directory

Checks computer location settings

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28