Overview

Static (score 7)

Score  Sample                  Platform
1      macjihuo-2022/mac.sh    ubuntu-18.04-amd64
3      macjihuo-2022/mac.sh    debian-9-armhf
1      macjihuo-2022/mac.sh    debian-9-mips
       macjihuo-2022/mac.sh    debian-9-mipsel
       macjihuo-2...ol.jar     windows7-x64
1      macjihuo-2...ol.jar     windows10-2004-x64
7      macjihuo-2...ol.jar     windows7-x64
1      macjihuo-2...ol.jar     windows10-2004-x64
7      macjihuo-2...ns.jar     windows7-x64
1      macjihuo-2...ns.jar     windows10-2004-x64
7      macjihuo-2...me.jar     windows7-x64
1      macjihuo-2...me.jar     windows10-2004-x64
7      macjihuo-2....1.jar     windows7-x64
1      macjihuo-2....1.jar     windows10-2004-x64
7      macjihuo-2...ap.jar     windows7-x64
1      macjihuo-2...ap.jar     windows10-2004-x64
7      macjihuo-2...er.jar     windows7-x64
1      macjihuo-2...er.jar     windows10-2004-x64
7      macjihuo-2...rl.jar     windows7-x64
1      macjihuo-2...rl.jar     windows10-2004-x64
7      macjihuo-2...17.jar     windows7-x64
1      macjihuo-2...17.jar     windows10-2004-x64
7      macjihuo-2...18.jar     windows7-x64
1      macjihuo-2...18.jar     windows10-2004-x64
7      macjihuo-2...19.jar     windows7-x64
1      macjihuo-2...19.jar     windows10-2004-x64
7      macjihuo-2...nd.jar     windows7-x64
1      macjihuo-2...nd.jar     windows10-2004-x64
7      macjihuo-2...ea.jar     windows7-x64
1      macjihuo-2...ea.jar     windows10-2004-x64
7      macjihuo-2...rm.jar     windows7-x64
1      macjihuo-2...rm.jar     windows10-2004-x64
Analysis (score 7)

max time kernel:  92s
max time network: 95s
platform:         windows10-2004_x64
resource:         win10v2004-20240426-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted:        06-06-2024 12:31
Static task
- static1

Behavioral tasks (task: sample, resource)
- behavioral1: macjihuo-2022/mac.sh, ubuntu1804-amd64-20240508-en
- behavioral2: macjihuo-2022/mac.sh, debian9-armhf-20240226-en
- behavioral3: macjihuo-2022/mac.sh, debian9-mipsbe-20240418-en
- behavioral4: macjihuo-2022/mac.sh, debian9-mipsel-20240418-en
- behavioral5: macjihuo-2022/micool_macconfig/configfile/micool.jar, win7-20240221-en
- behavioral6: macjihuo-2022/micool_macconfig/configfile/micool.jar, win10v2004-20240226-en
- behavioral7: macjihuo-2022/micool_macconfig/configfile/micool/micool.jar, win7-20240221-en
- behavioral8: macjihuo-2022/micool_macconfig/configfile/micool/micool.jar, win10v2004-20240508-en
- behavioral9: macjihuo-2022/micool_macconfig/configfile/micool/plugins/dns.jar, win7-20240221-en
- behavioral10: macjihuo-2022/micool_macconfig/configfile/micool/plugins/dns.jar, win10v2004-20240426-en
- behavioral11: macjihuo-2022/micool_macconfig/configfile/micool/plugins/hideme.jar, win7-20240221-en
- behavioral12: macjihuo-2022/micool_macconfig/configfile/micool/plugins/hideme.jar, win10v2004-20240508-en
- behavioral13: macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap-v1.0.1.jar, win7-20240508-en
- behavioral14: macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap-v1.0.1.jar, win10v2004-20240508-en
- behavioral15: macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap.jar, win7-20240419-en
- behavioral16: macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap.jar, win10v2004-20240426-en
- behavioral17: macjihuo-2022/micool_macconfig/configfile/micool/plugins/power.jar, win7-20231129-en
- behavioral18: macjihuo-2022/micool_macconfig/configfile/micool/plugins/power.jar, win10v2004-20240508-en
- behavioral19: macjihuo-2022/micool_macconfig/configfile/micool/plugins/url.jar, win7-20240221-en
- behavioral20: macjihuo-2022/micool_macconfig/configfile/micool/plugins/url.jar, win10v2004-20240226-en
- behavioral21: macjihuo-2022/micool_macconfig/configfile/micool2017.jar, win7-20240221-en
- behavioral22: macjihuo-2022/micool_macconfig/configfile/micool2017.jar, win10v2004-20240508-en
- behavioral23: macjihuo-2022/micool_macconfig/configfile/micool2018.jar, win7-20240220-en
- behavioral24: macjihuo-2022/micool_macconfig/configfile/micool2018.jar, win10v2004-20240508-en
- behavioral25: macjihuo-2022/micool_macconfig/configfile/micool2019.jar, win7-20240221-en
- behavioral26: macjihuo-2022/micool_macconfig/configfile/micool2019.jar, win10v2004-20240508-en
- behavioral27: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-goland.jar, win7-20240215-en
- behavioral28: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-goland.jar, win10v2004-20240508-en
- behavioral29: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-idea.jar, win7-20240221-en
- behavioral30: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-idea.jar, win10v2004-20240508-en
- behavioral31: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-phpstorm.jar, win7-20240508-en
- behavioral32: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-phpstorm.jar, win10v2004-20240508-en
General

Target:  macjihuo-2022/micool_macconfig/configfile/micool/plugins/dns.jar
Size:    4KB
MD5:     4f3c516c1704a5569725246d57dd1ae7
SHA1:    4e8693b5a7a3837cf7f6db0c4f1316f376d34721
SHA256:  d1150b1831b112b93d74a34a10ce6c11606e0d2255d532c29f91f1d92b40a552
SHA512:  f885fc751e9035944489578bb037f05521c6258c377c0c7bf8b8d10b799063e6e529c715ecebf9729724f0497f588803d7d463fbb70f5efbd73952624f60d08e
SSDEEP:  96:LSyBi1RBhx1yI/OEEKXejuu9lSx/xowSpTz7g8nJfTfTX:LSx1RBhx1y0OPhox/6fpTvgeRTfTX
Malware Config

Signatures

- Modifies file permissions (1 TTPs, 1 IoCs)
- Suspicious use of WriteProcessMemory (2 IoCs)

  Processes:
  description                        pid   process   target process
  PID 1224 wrote to memory of 1904   1224  java.exe  icacls.exe
  PID 1224 wrote to memory of 1904   1224  java.exe  icacls.exe
Processes

- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\macjihuo-2022\micool_macconfig\configfile\micool\plugins\dns.jar
  PID: 1224
  - Suspicious use of WriteProcessMemory

  - C:\Windows\system32\icacls.exe
    Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    PID: 1904
    - Modifies file permissions
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 46B
  MD5:      a0b819b2dec9d443c116be7edfa79dbb
  SHA1:     249331803de3961a9ab845bdac014fd2e5d7933f
  SHA256:   d6e1f20e5a836b081d750cfb0540bb137c9e99680216afab2b8d1699e11a416a
  SHA512:   dac344d390cabe20c996159e5ec507c5cf3338cfbdee76279083d28344cce1e34b03117d3e3a58be6291b9d6cb167f39bef6ce4226bbd7812ac39a9bc5d06d25