General
-
Target
jetclean-setup.exe.7z
-
Size
3.5MB
-
Sample
230509-r8bz7sca5y
-
MD5
45ec6e14b93259dc59ac3b2fd0b8ddc1
-
SHA1
5d6eac349c5c96f373d7a495f7bf31d99287d17c
-
SHA256
87acaa1fb35b75e7a95fddc163b49482ce618709d6a4403773e154375d73fd71
-
SHA512
e8ef25f19904e091301334a7bb5d903e0be2a981fdfb0d4360c50e89ae3b8dc32d1647ffcb6f87e055aeb262e49f890e81677ca4a4fded90f563d05f4a49b503
-
SSDEEP
98304:Hn/kxW8ODZRbpt8dTrlKD4h4BSx0/aTW5E2Nb:HnUHODv4VKD47x08K
Malware Config
Targets
-
-
Target
jetclean-setup.exe
-
Size
3.6MB
-
MD5
da369354de604fb590fd424db6e2e9ee
-
SHA1
5a54180c3a3b001974e7297f13fc3b8b5897e321
-
SHA256
8c0bc3ebb4330e5c886fe49acc8a631cfcc6a2c848d4b99fadde3a2dc213c56f
-
SHA512
028b537f2a4ec4a22faf6dc72e4534edc00886f8345cb13535905c9fb35cffea372c6cfa6724d1f5ad852f2deb1ae2b06b66030bc3ed89f6a7253e17833417de
-
SSDEEP
98304:u1LoJwvXuVix8l6GNh6FkRLaiqQKSshe/IPH:ufe8Slf22awXzIPH
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-