Overview

overview

7

Static

static

1

Part-002.zip

windows10-1703-x64

7

Part-002/J...up.exe

windows10-1703-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Part-002.zip

  • Size

    30.2MB

  • Sample

    240109-1h4f7sbbh4

  • MD5

    dfc08e16fbdde3e1c48fb2a66c73625f

  • SHA1

    c183969d3e4ef03057cc37ce2319e07ae9916a5a

  • SHA256

    bd63cb64e17a10c4821dbb6f9d12eda91e070401b03035767caea58674d64a4c

  • SHA512

    85512660d8fac6bb8946efc33e59a30d2edd167471ae01b72459ad0cedd11ff472d5e7c5692568e4357cb104945e6ecf58ef8b8bdc815d020412ac1babd821c3

  • SSDEEP

    786432:osgI7934M5+JZr0j02NhTmOZNToSp6gz/qa:osH+MMJSx/SLSJTqa

Score
7/10
discovery

Malware Config

Targets

    • Target

      Part-002.zip

    • Size

      30.2MB

    • MD5

      dfc08e16fbdde3e1c48fb2a66c73625f

    • SHA1

      c183969d3e4ef03057cc37ce2319e07ae9916a5a

    • SHA256

      bd63cb64e17a10c4821dbb6f9d12eda91e070401b03035767caea58674d64a4c

    • SHA512

      85512660d8fac6bb8946efc33e59a30d2edd167471ae01b72459ad0cedd11ff472d5e7c5692568e4357cb104945e6ecf58ef8b8bdc815d020412ac1babd821c3

    • SSDEEP

      786432:osgI7934M5+JZr0j02NhTmOZNToSp6gz/qa:osH+MMJSx/SLSJTqa

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

    • Target

      Part-002/JDownloaderSetup.exe

    • Size

      30.3MB

    • MD5

      c3c3b50075bd5c87cf500c255dd833fd

    • SHA1

      0b3593f15ebc8424919857d08d016b2cda2b5161

    • SHA256

      a43fa3db0a053119f73a7422453e54318a258a947e8c0fda294b09c52b7459fc

    • SHA512

      f9bd8c26a63b3d7cf6d6f0686a93720f9d3007ae2f196bf195815761b5a38f9fb81f2de6400abd842cc634ab68a14db6741436295a0d667e0b51099dbaf13c9d

    • SSDEEP

      786432:w+gAvXxM03iJzr2tqG533+iRdJEozAw5P0r:w+tG0SJuJpOdoh90r

    Score
    6/10
    discovery

    • Checks for any installed AV software in registry

    behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

2
T1553

Install Root Certificate

2
T1553.004

Modify Registry

2
T1112

Credential Access

Discovery

Software Discovery

2
T1518

Security Software Discovery

2
T1518.001

Query Registry

2
T1012

Process Discovery

2
T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks