Overview

overview

7

Static

static

1

ja-netfilter.jar

windows7-x64

1

ja-netfilter.jar

windows10-2004-x64

7

plugins-je...ns.jar

windows7-x64

1

plugins-je...ns.jar

windows10-2004-x64

7

plugins-je...me.jar

windows7-x64

1

plugins-je...me.jar

windows10-2004-x64

7

plugins-je...er.jar

windows7-x64

1

plugins-je...er.jar

windows10-2004-x64

7

plugins-je...rl.jar

windows7-x64

1

plugins-je...rl.jar

windows10-2004-x64

7

scripts/in...rs.vbs

windows7-x64

3

scripts/in...rs.vbs

windows10-2004-x64

7

scripts/in...er.vbs

windows7-x64

1

scripts/in...er.vbs

windows10-2004-x64

1

scripts/install.sh

ubuntu-18.04-amd64

3

scripts/install.sh

debian-9-armhf

3

scripts/install.sh

debian-9-mips

3

scripts/install.sh

debian-9-mipsel

1

scripts/un...rs.vbs

windows7-x64

3

scripts/un...rs.vbs

windows10-2004-x64

7

scripts/un...er.vbs

windows7-x64

1

scripts/un...er.vbs

windows10-2004-x64

1

scripts/uninstall.sh

ubuntu-18.04-amd64

3

scripts/uninstall.sh

debian-9-armhf

3

scripts/uninstall.sh

debian-9-mips

3

scripts/uninstall.sh

debian-9-mipsel

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d82f76ab1d5ce45980e6190eb3603d73f8dff7e71b0f2f321c5a4a8578a80647

  • Size

    84KB

  • Sample

    231220-lehm1aaec4

  • MD5

    03ca0355901c61d0a2083311afc9935b

  • SHA1

    130ed3c8cb756b6518ffb23bacdccc2b0b29abfa

  • SHA256

    d82f76ab1d5ce45980e6190eb3603d73f8dff7e71b0f2f321c5a4a8578a80647

  • SHA512

    b66689a6b9c78bf39969aadc317ddf28f53623cca1700abe838cfdc7e4a9b57ca65288fae6ecfc51b6bb57ce9b61b0e20aeee26406966db6be72c92dbee4a62a

  • SSDEEP

    1536:KVknK2rhneZJZKOG4AH73yHFlcH061mXln9nW3q0f:Uh2rNezDtAH7CHFlcHAj10f

Score
7/10
discoverylinux

Malware Config

Targets

    • Target

      ja-netfilter.jar

    • Size

      47KB

    • MD5

      2fa1b1364515dce93eb67c423b570deb

    • SHA1

      2a723c2ef30be4a5c167c6639bf9ec0b9c7e7ca2

    • SHA256

      3acc4e9d91793f6909458a4761b75b6da45c8868e75dca33c9fec63659202995

    • SHA512

      0b6cf7caf6d48419251d0aa1ccf280536eb20b1f108f874a9ce86943601c2317833031578fc869366e3bc40dedfabfd64527598ea63b879bc77f82a9a218766b

    • SSDEEP

      768:Oh7IDIGjwZyHIwcctMtI+xIfo1UC6cB+P9146lp3fbYHfkWvQdptYc4klY:KSIG0ZuIQMtI+xIrTcB034673fbgvYI

    Score
    7/10
    discovery
    behavioral1behavioral2

    • Target

      plugins-jetbrains/dns.jar

    • Size

      4KB

    • MD5

      4f3c516c1704a5569725246d57dd1ae7

    • SHA1

      4e8693b5a7a3837cf7f6db0c4f1316f376d34721

    • SHA256

      d1150b1831b112b93d74a34a10ce6c11606e0d2255d532c29f91f1d92b40a552

    • SHA512

      f885fc751e9035944489578bb037f05521c6258c377c0c7bf8b8d10b799063e6e529c715ecebf9729724f0497f588803d7d463fbb70f5efbd73952624f60d08e

    • SSDEEP

      96:LSyBi1RBhx1yI/OEEKXejuu9lSx/xowSpTz7g8nJfTfTX:LSx1RBhx1y0OPhox/6fpTvgeRTfTX

    Score
    7/10
    discovery
    behavioral3behavioral4

    • Target

      plugins-jetbrains/hideme.jar

    • Size

      7KB

    • MD5

      cdab6a30b0949a741f13935f5483c303

    • SHA1

      729d00e4fa04ca49c00b5b6aa60706dfadd5644e

    • SHA256

      fa14c735ab9fed3f3a5df0dc78a5d38ae0a146099ddc858197e9f528bd996c40

    • SHA512

      bf155c0b062fe9c7c237f9b0329a155387b7294fae7c7ed73e41e9528f119ccc513855329f6e91e62106b589c8b215d981ed11f2f89c7e13c06fbdcf7d6d1ee8

    • SSDEEP

      96:ohFTqRYuFhXQ5GeiCGkeFUgbH44yY8NVFubQLwNUmvHh18OiPKwChme:gFuRDiiCSbH4u8ZuvOMBGOiEme

    Score
    7/10
    discovery
    behavioral5behavioral6

    • Target

      plugins-jetbrains/power.jar

    • Size

      9KB

    • MD5

      d8711b73bc0507dbdc841b098af99787

    • SHA1

      26ee7577969265ff77a7fd786bcb707fe21a3d6b

    • SHA256

      7819e5b968ce5ea2e638e53d84089d35e89e9ea3088f18f8dbf6dd38d14ab25a

    • SHA512

      dde478c503a5fbd17fd3cdac67d379abdb392d9edadc37feeafc3572f44044674af2f16e33b7c201fcb52e0d4eeb635fd53843b58700986aa380191aca6cc843

    • SSDEEP

      192:82u+Rd5aW2DJ1uPpz22NQUsLvA2EagRl3W8H:Du+loJ1EJ22dr1H

    Score
    7/10
    discovery
    behavioral7behavioral8

    • Target

      plugins-jetbrains/url.jar

    • Size

      4KB

    • MD5

      6b181e5b8255db4cd9beb1c6af5f420e

    • SHA1

      b1bebbee8d98218db5794f596001b8b7427ae0c7

    • SHA256

      ce5a83aee31153cca30274ac94467b316edea8cb28acf72f52f5a72d455b1b43

    • SHA512

      26dabc145da4a987744ab86d600ab81482771fb8fc99933828104d4698f4dc407eb97281a36f01d5852fc2209d0092f10b7d23d62db8f7e456f8d2d0a108ce7a

    • SSDEEP

      96:KPP4+DT0nUeKLB3pWsWJMN4j4pbxYQcTxBWUw3/6ws3U:IPLTLRZWsN+6xATHO3iN3U

    Score
    7/10
    discovery
    behavioral10behavioral9

    • Target

      scripts/install-all-users.vbs

    • Size

      2KB

    • MD5

      7bd1e1b7aa11ad5a13a6ec23b8afb549

    • SHA1

      46194b9c7ac66a5446afbcf172ffd7743b53da44

    • SHA256

      26a6ab6fa87ade5e2384bd539bcd8f01e9400b3ab636de9843c92b8099c96493

    • SHA512

      230868a57888e897886efb11c32d6c8c79f9ae1bbca4637a4d78d8ad148348bfceff9b7e41106c5281d550d27ed5158ad9faf0cd2df75d7085277bae08061e5c

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral11behavioral12

    • Target

      scripts/install-current-user.vbs

    • Size

      1KB

    • MD5

      939e91d84a77bdb062f768abd336c336

    • SHA1

      6825df9e07cf9febf0f9d2ff812fdc261f7ba72c

    • SHA256

      4ed1b665c259991966001d048818a64cd7f3202faf0346c414a6d18c3be2ace0

    • SHA512

      52dcde5bbc8af2cf80f41e4a1495b55829fa8ebad7c27983d0d30cde1c80d55b9bac26c3055089312650095c4e40890d3d974b4756ddabb93e48ae412e6f0a10

    Score
    1/10
    behavioral13behavioral14

    • Target

      scripts/install.sh

    • Size

      3KB

    • MD5

      4f86ad982a9cdf710d297f30a1c35d3e

    • SHA1

      32eb21a4fd2a0ae3ead868dd550d30b64409a883

    • SHA256

      ff7b76ed04b0ca7e42b380fd3426b4ea14dd1e6fd39154fcd32ef9e11907478f

    • SHA512

      99a8eacfe80870912a334804ccfcdba1f13a0a5a78f6e4325d124aaf0a1b0352f47fb0144f68003670acb4565ea694f550608fc7343668a2a3d819c03e3e1802

    Score
    3/10
    behavioral15behavioral16behavioral17behavioral18

    • Target

      scripts/uninstall-all-users.vbs

    • Size

      1KB

    • MD5

      f8ea54322d35bce7f93af2b993a73d7e

    • SHA1

      e8ec2bd8883202b9e44783ca7b5831c0df35d4db

    • SHA256

      11811f0c25f30336a0c835dad7e30e7c9810392d207540c847da0e1b7c06ce72

    • SHA512

      29acd1cbcb0885e9f7bdfd6659b0f7e6d812216c257fe72dace2cdebe9073a6850800cccf7e24d5602beacc6be98f3f63cb9edb173725b10fb9d225b85aa7742

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral19behavioral20

    • Target

      scripts/uninstall-current-user.vbs

    • Size

      749B

    • MD5

      cc38dddf872cc8d42ed2544f3c913f60

    • SHA1

      f3a9237f31085c7945e41930eb11ac5c86abfc4d

    • SHA256

      2f9a8e832664bacd9ca9bd3504a0df4e8b6abce9fa153f22c0bbf8192d114fb6

    • SHA512

      caf882ef13095c63035a9a41e3f909b66a983f5678edf1d4d124bc20a7fce24079a701e13b2970b0c8d8bfd313b5e71de58b62845564b84193dfef9a54129b0f

    Score
    1/10
    behavioral21behavioral22

    • Target

      scripts/uninstall.sh

    • Size

      1KB

    • MD5

      f8d12ad74edc1df03c1d71e723cf7317

    • SHA1

      437f66132747f12edaa30d81052b08f8ce99e7ed

    • SHA256

      ec93dfcdf02f00f21bff552e3ee6899850877a8cc7dd08033d474050ac67a956

    • SHA512

      5c46956b4497856e881b27aaa2f3306fa7922af180b52aacd1cc4f7881b5ee05d22d02688079cae836d588aacf6592dc2cbcad08fa03925302d20317034031c0

    Score
    3/10
    behavioral23behavioral24behavioral25behavioral26

MITRE ATT&CK Enterprise v15

Tasks