General
Target: PO#093477.jar
Size: 220KB
Sample: 240514-jdjgssff67
MD5: a9f7ea02e9ac0ae3efbd5564ebbe62e8
SHA1: 63719732ad04043d689fc67bcf5fbb9019988e3b
SHA256: 14bbc47ec13a911c8863b379d1ad30232a59c9d6fe79fa2cc7aae2f94dad879d
SHA512: 0203c538a03435eae9a22e692520684dec6f61e02d0ce9e4b22587cd8dc9e094b10f9db17fe185ab294ee8d99c4733799de575e76b6e8bd43771858a80a28e37
SSDEEP: 6144:93VRqxixsnSCgmvS7lUBNo91N78ERZGnHw41d:93VRqxamvSm/o97/RInHh
Static task: static1
Behavioral task: behavioral1
Sample: PO#093477.jar
Resource: win7-20240215-en
Malware Config
Targets
Target: PO#093477.jar
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.