General
-
Target
JJSploit_7.1.3_x86_en-US.msi
-
Size
5.8MB
-
Sample
230401-f9mbsahe9v
-
MD5
89b39aafa577686ce2890ff00a22f7d6
-
SHA1
1259bb1962d23f242ebe340f359b3825a31989d4
-
SHA256
dfdb140d98307146cbdbc726cc1f4897acc14288c95fd8bfc5ab29f91c895fa3
-
SHA512
59d7ee87354f01c9bcaf438086a730f56c671f75815be696b07107d54f886b48a7217a7c4138e690a6c0670b7c39dd564650b63e6e12743d46b3bd65824ad70d
-
SSDEEP
98304:oni7F600rU+xmX0VumSuS2eaYbC8wSKyWatyiGoMNjbLmf19+I3NlNi3bywir:Gi7F6MiVVBS2e3bC8wS+QGZNYpi2
Static task
static1
Malware Config
Targets
-
-
Target
JJSploit_7.1.3_x86_en-US.msi
-
Size
5.8MB
-
MD5
89b39aafa577686ce2890ff00a22f7d6
-
SHA1
1259bb1962d23f242ebe340f359b3825a31989d4
-
SHA256
dfdb140d98307146cbdbc726cc1f4897acc14288c95fd8bfc5ab29f91c895fa3
-
SHA512
59d7ee87354f01c9bcaf438086a730f56c671f75815be696b07107d54f886b48a7217a7c4138e690a6c0670b7c39dd564650b63e6e12743d46b3bd65824ad70d
-
SSDEEP
98304:oni7F600rU+xmX0VumSuS2eaYbC8wSKyWatyiGoMNjbLmf19+I3NlNi3bywir:Gi7F6MiVVBS2e3bC8wS+QGZNYpi2
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-