Overview

overview

7

Static

static

3

Astolfo-Be...4e.ps1

windows7-x64

1

Astolfo-Be...4e.ps1

windows10-2004-x64

1

Astolfo-Beta/libs.jar

windows7-x64

1

Astolfo-Beta/libs.jar

windows10-2004-x64

7

Astolfo-Be...22.jar

windows7-x64

1

Astolfo-Be...22.jar

windows10-2004-x64

7

Astolfo-Be...nk.dll

windows7-x64

1

Astolfo-Be...nk.dll

windows10-2004-x64

1

Astolfo-Be...32.dll

windows7-x64

1

Astolfo-Be...32.dll

windows10-2004-x64

1

Astolfo-Be...64.dll

windows7-x64

1

Astolfo-Be...64.dll

windows10-2004-x64

1

Astolfo-Be...64.dll

windows7-x64

1

Astolfo-Be...64.dll

windows10-2004-x64

1

Astolfo-Be...x8.dll

windows7-x64

1

Astolfo-Be...x8.dll

windows10-2004-x64

1

Astolfo-Be...64.dll

windows7-x64

1

Astolfo-Be...64.dll

windows10-2004-x64

1

Astolfo-Be...aw.dll

windows7-x64

1

Astolfo-Be...aw.dll

windows10-2004-x64

1

Astolfo-Be...64.dll

windows7-x64

1

Astolfo-Be...64.dll

windows10-2004-x64

1

Astolfo-Be...ab.dll

windows7-x64

1

Astolfo-Be...ab.dll

windows10-2004-x64

1

Astolfo-Be...ch.dll

windows7-x64

1

Astolfo-Be...ch.dll

windows10-2004-x64

1

Astolfo-Be....4.dll

windows7-x64

1

Astolfo-Be....4.dll

windows10-2004-x64

1

Astolfo-Be...32.dll

windows7-x64

1

Astolfo-Be...32.dll

windows10-2004-x64

1

Astolfo-Be...tv.dll

windows7-x64

3

Astolfo-Be...tv.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    138s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/02/2024, 17:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Astolfo-Beta/libs.jar

  • Size

    21.5MB

  • MD5

    4ec8d7f8b47eeb77abf305ccd8606e9d

  • SHA1

    c9e38020439938c7e9affcd172b123037a1c1d40

  • SHA256

    23dc70fe6109878232a327427256b2a642db9fec92793bd3818b86b39c880852

  • SHA512

    e105cdec1ac42bbfe7ef4afebb5338a23a25201eeff062278753e760c862d22695912493dbf407590580cda1c1fb978ab99a2aa7fa09f27c0fb093151bcb0d15

  • SSDEEP

    393216:5fmc9/5ZIprYk97niGL1feinXhC+NbJQ5hfoLAlziCCZcgSC:5p/HIuktJeaXhbJKiAlz3mFSC

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Astolfo-Beta\libs.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:428
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:1876

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
          Filesize

          46B

          MD5

          e8fc0cbb1be13f84015d0e3632e40158

          SHA1

          3df874b885ff512f6085013b0ca51447fa9313e3

          SHA256

          b46063e8834a4da9b33594ad17dc4ab7f63c60acf611e60320c9d57bd47f6bbc

          SHA512

          59bac94eaf89a1c6f0432f0dd20130a3d9130f3adfc371758273f9b62152e6c5a07dd9adbd891b56d9fbbbeb37f98c915d57cc60307e15e2421044e169666227

          Download Submit

        • memory/428-4-0x000001CA0DB10000-0x000001CA0EB10000-memory.dmp

          Filesize

          16.0MB

          Download

        • memory/428-12-0x000001CA0C250000-0x000001CA0C251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/428-13-0x000001CA0DB10000-0x000001CA0EB10000-memory.dmp

          Filesize

          16.0MB

          Download