General
Target: jennymod.jar
Size: 13.4MB
Sample: 221008-r5jwmsfacj
MD5: b05f920d15dfa6884f8ac79ef37b6c0f
SHA1: 438c1bf2037c093f6213270e4f2581f4bea6912e
SHA256: 3d4fc6583077d42c76625669ffdabc9e272e33bfe5f1ff166e7f7b596384ba63
SHA512: 4c800b30e063645380c35b86be2b82eeae9a134dba66ec945c351b69c4c8db28fa7c20b3aed9c36fced7bc3eb34af58f99021448d0147e7de9e942b699ed6315
SSDEEP: 393216:PWep5Dm2XFQghnwUlTviPnYlocqVmnQ0ILYvLJadUVlfC0T/:P5pNm2XFQgpwmvP5QpLAX

Static task: static1
Behavioral task: behavioral1
Sample: jennymod.jar
Resource: win10v2004-20220812-en
Malware Config
Targets
- XMRig Miner payload
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
- Registers COM server for autorun
- Registers new Print Monitor
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory