General
Target: OpenJDK.exe
Size: 222KB
Sample: 240605-s7bhqaca47
MD5: c396b1fd61ffbd2497cab8daeb9b43fc
SHA1: 19e401dfae6573ddf0c17ee850b3fa28ba80c65e
SHA256: 0284fb14f42ec644bcc67ffe0bd6d8f3fd5227ef414dc261570031215efc6957
SHA512: 32002c3ab4824d8f3f1ab8b2b67c87031f4d1782357b974811f4545ee7868d3c6e91d5c55b4507715b9b2d3b0114ebfaf30b8710d09d32eae7de6d5ca188e7bc
SSDEEP: 3072:AyhhhrfMy5xIlE5kt/lhZ5a04qeVVhOIPKxx9D5JhGema2DQk03BOQWNL7k/IA:thhhrfMymW9lS7nP2DQpOQI7k/
Static task: static1
Behavioral task: behavioral1
Sample: OpenJDK.exe
Resource: win10-20240404-en
Behavioral task: behavioral2
Sample: OpenJDK.exe
Resource: win10v2004-20240508-en
Behavioral task: behavioral3
Sample: OpenJDK.exe
Resource: win11-20240508-en
Malware Config
Targets
Target: OpenJDK.exe
Score: 7/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry