Overview

overview

10

Static

static

10

1.16.5.jar

windows7-x64

1

1.16.5.jar

windows10-2004-x64

7

Resubmissions

01-05-2024 06:33

240501-hbl98scc57 10

01-05-2024 06:29

240501-g89lcscb93 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1.16.5.jar

  • Size

    639KB

  • Sample

    240501-g89lcscb93

  • MD5

    f03c1b24fdfba7ec585ec71898b42f4e

  • SHA1

    d1a453cb70e52f94386ce3d3009baa675a311004

  • SHA256

    0aa6491b61b2dbbd8e24f13dcfcd795fc62b943fa6ad9441435c673d010a7871

  • SHA512

    1a7cb53978236da109368ca04553ef6c42b77a7ccfa31af0e1491ea592d4db28b3af92fc7c4623c52acc9bacd3e62deef3e2a16296b2d4c4debe6280e49c9807

  • SSDEEP

    12288:u/PhQN/rTZMrF4Vlwxszgu/DRL+hXwNqfqgyh6RNc30uE2hUS6VDEz:u/ZQNRMB4jDzguNmSqfLYp0uZhn6VDEz

Score
10/10
adwinddiscoverypersistence

Malware Config

Targets

    • Target

      1.16.5.jar

    • Size

      639KB

    • MD5

      f03c1b24fdfba7ec585ec71898b42f4e

    • SHA1

      d1a453cb70e52f94386ce3d3009baa675a311004

    • SHA256

      0aa6491b61b2dbbd8e24f13dcfcd795fc62b943fa6ad9441435c673d010a7871

    • SHA512

      1a7cb53978236da109368ca04553ef6c42b77a7ccfa31af0e1491ea592d4db28b3af92fc7c4623c52acc9bacd3e62deef3e2a16296b2d4c4debe6280e49c9807

    • SSDEEP

      12288:u/PhQN/rTZMrF4Vlwxszgu/DRL+hXwNqfqgyh6RNc30uE2hUS6VDEz:u/ZQNRMB4jDzguNmSqfLYp0uZhn6VDEz

    Score
    7/10
    discoverypersistence

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

File and Directory Permissions Modification

1
T1222

Modify Registry

1
T1112

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks