General

  • Target

    installerGenbox.jnlp

  • Size

    4KB

  • Sample

    230323-25k4taag34

  • MD5

    859f15a051c3505bc410e779dac34783

  • SHA1

    51cc512ec05c62b7b085053d842e81b5403c2a9f

  • SHA256

    aaa1a4f0e09322ac4423b9581f7dd5dcfd836fe22c418b66c2487d075daa4922

  • SHA512

    1e052244151f14cd6796825ff6c3b1508e3dd9c55f1960e753e40f5bf7b468dcbb136a1f0d128a7b49b2f819cd72147faf9e5fce02b96d91eb8f3489855b8c6b

  • SSDEEP

    96:k5iwWqjJOJMSEGVjQo2/syN0wCILbIWxh7xp:yiwzhz1gILLxp

Malware Config

  • Extracted

    Rule: Java Network Launch Protocol (JNLP)

    C2: https:/genboxtrading.com/software/genbox/installerGenbox.jnlp

Targets

    • Target

      installerGenbox.jnlp

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

    Browser Extensions (T1176): 1

  • Defense Evasion

    Modify Registry (T1112): 2

  • Discovery

    Query Registry (T1012): 3

    Peripheral Device Discovery (T1120): 1

    System Information Discovery (T1082): 4

Tasks