Overview
Static task: score 7
Behavioral tasks (score | sample | platform):
  1 | macjihuo-2022/mac.sh | ubuntu-18.04-amd64
  3 | macjihuo-2022/mac.sh | debian-9-armhf
  1 | macjihuo-2022/mac.sh | debian-9-mips
  - | macjihuo-2022/mac.sh | debian-9-mipsel
  - | macjihuo-2...ol.jar | windows7-x64
  1 | macjihuo-2...ol.jar | windows10-2004-x64
  7 | macjihuo-2...ol.jar | windows7-x64
  1 | macjihuo-2...ol.jar | windows10-2004-x64
  7 | macjihuo-2...ns.jar | windows7-x64
  1 | macjihuo-2...ns.jar | windows10-2004-x64
  7 | macjihuo-2...me.jar | windows7-x64
  1 | macjihuo-2...me.jar | windows10-2004-x64
  7 | macjihuo-2....1.jar | windows7-x64
  1 | macjihuo-2....1.jar | windows10-2004-x64
  7 | macjihuo-2...ap.jar | windows7-x64
  1 | macjihuo-2...ap.jar | windows10-2004-x64
  7 | macjihuo-2...er.jar | windows7-x64
  1 | macjihuo-2...er.jar | windows10-2004-x64
  7 | macjihuo-2...rl.jar | windows7-x64
  1 | macjihuo-2...rl.jar | windows10-2004-x64
  7 | macjihuo-2...17.jar | windows7-x64
  1 | macjihuo-2...17.jar | windows10-2004-x64
  7 | macjihuo-2...18.jar | windows7-x64
  1 | macjihuo-2...18.jar | windows10-2004-x64
  7 | macjihuo-2...19.jar | windows7-x64
  1 | macjihuo-2...19.jar | windows10-2004-x64
  7 | macjihuo-2...nd.jar | windows7-x64
  1 | macjihuo-2...nd.jar | windows10-2004-x64
  7 | macjihuo-2...ea.jar | windows7-x64
  1 | macjihuo-2...ea.jar | windows10-2004-x64
  7 | macjihuo-2...rm.jar | windows7-x64
  1 | macjihuo-2...rm.jar | windows10-2004-x64
Analysis (score 7)
  max time kernel: 134s
  max time network: 132s
  platform: windows10-2004_x64
  resource: win10v2004-20240508-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 06-06-2024 12:31
Static task: static1
Behavioral tasks (task | sample | resource):
  behavioral1  | macjihuo-2022/mac.sh | ubuntu1804-amd64-20240508-en
  behavioral2  | macjihuo-2022/mac.sh | debian9-armhf-20240226-en
  behavioral3  | macjihuo-2022/mac.sh | debian9-mipsbe-20240418-en
  behavioral4  | macjihuo-2022/mac.sh | debian9-mipsel-20240418-en
  behavioral5  | macjihuo-2022/micool_macconfig/configfile/micool.jar | win7-20240221-en
  behavioral6  | macjihuo-2022/micool_macconfig/configfile/micool.jar | win10v2004-20240226-en
  behavioral7  | macjihuo-2022/micool_macconfig/configfile/micool/micool.jar | win7-20240221-en
  behavioral8  | macjihuo-2022/micool_macconfig/configfile/micool/micool.jar | win10v2004-20240508-en
  behavioral9  | macjihuo-2022/micool_macconfig/configfile/micool/plugins/dns.jar | win7-20240221-en
  behavioral10 | macjihuo-2022/micool_macconfig/configfile/micool/plugins/dns.jar | win10v2004-20240426-en
  behavioral11 | macjihuo-2022/micool_macconfig/configfile/micool/plugins/hideme.jar | win7-20240221-en
  behavioral12 | macjihuo-2022/micool_macconfig/configfile/micool/plugins/hideme.jar | win10v2004-20240508-en
  behavioral13 | macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap-v1.0.1.jar | win7-20240508-en
  behavioral14 | macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap-v1.0.1.jar | win10v2004-20240508-en
  behavioral15 | macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap.jar | win7-20240419-en
  behavioral16 | macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap.jar | win10v2004-20240426-en
  behavioral17 | macjihuo-2022/micool_macconfig/configfile/micool/plugins/power.jar | win7-20231129-en
  behavioral18 | macjihuo-2022/micool_macconfig/configfile/micool/plugins/power.jar | win10v2004-20240508-en
  behavioral19 | macjihuo-2022/micool_macconfig/configfile/micool/plugins/url.jar | win7-20240221-en
  behavioral20 | macjihuo-2022/micool_macconfig/configfile/micool/plugins/url.jar | win10v2004-20240226-en
  behavioral21 | macjihuo-2022/micool_macconfig/configfile/micool2017.jar | win7-20240221-en
  behavioral22 | macjihuo-2022/micool_macconfig/configfile/micool2017.jar | win10v2004-20240508-en
  behavioral23 | macjihuo-2022/micool_macconfig/configfile/micool2018.jar | win7-20240220-en
  behavioral24 | macjihuo-2022/micool_macconfig/configfile/micool2018.jar | win10v2004-20240508-en
  behavioral25 | macjihuo-2022/micool_macconfig/configfile/micool2019.jar | win7-20240221-en
  behavioral26 | macjihuo-2022/micool_macconfig/configfile/micool2019.jar | win10v2004-20240508-en
  behavioral27 | macjihuo-2022/micool_macconfig/configfile/yz/active-agt-goland.jar | win7-20240215-en
  behavioral28 | macjihuo-2022/micool_macconfig/configfile/yz/active-agt-goland.jar | win10v2004-20240508-en
  behavioral29 | macjihuo-2022/micool_macconfig/configfile/yz/active-agt-idea.jar | win7-20240221-en
  behavioral30 | macjihuo-2022/micool_macconfig/configfile/yz/active-agt-idea.jar | win10v2004-20240508-en
  behavioral31 | macjihuo-2022/micool_macconfig/configfile/yz/active-agt-phpstorm.jar | win7-20240508-en
  behavioral32 | macjihuo-2022/micool_macconfig/configfile/yz/active-agt-phpstorm.jar | win10v2004-20240508-en
General
  Target: macjihuo-2022/micool_macconfig/configfile/micool/plugins/hideme.jar
  Size: 7KB
  MD5: cdab6a30b0949a741f13935f5483c303
  SHA1: 729d00e4fa04ca49c00b5b6aa60706dfadd5644e
  SHA256: fa14c735ab9fed3f3a5df0dc78a5d38ae0a146099ddc858197e9f528bd996c40
  SHA512: bf155c0b062fe9c7c237f9b0329a155387b7294fae7c7ed73e41e9528f119ccc513855329f6e91e62106b589c8b215d981ed11f2f89c7e13c06fbdcf7d6d1ee8
  SSDEEP: 96:ohFTqRYuFhXQ5GeiCGkeFUgbH44yY8NVFubQLwNUmvHh18OiPKwChme:gFuRDiiCSbH4u8ZuvOMBGOiEme
Malware Config
Signatures
  Modifies file permissions (1 TTP, 1 IoC)
  Suspicious use of WriteProcessMemory (2 IoCs)
    Processes (description | pid | process | target process):
      PID 1704 wrote to memory of 2308 | 1704 | java.exe | icacls.exe
      PID 1704 wrote to memory of 2308 | 1704 | java.exe | icacls.exe
Processes (bracketed number is the tree depth)
  [1] C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (PID 1704)
      command line: java -jar C:\Users\Admin\AppData\Local\Temp\macjihuo-2022\micool_macconfig\configfile\micool\plugins\hideme.jar
      signatures: Suspicious use of WriteProcessMemory
      [2] C:\Windows\system32\icacls.exe (PID 2308), spawned by PID 1704
          command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
          signatures: Modifies file permissions
  [1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2456)
      command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3924,i,13640054265074968359,8146127767143474550,262144 --variations-seed-version --mojo-platform-channel-handle=3896 /prefetch:8
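The only activity in this run that the tree ties to the jar is java.exe spawning icacls.exe to grant Everyone the Modify right, with object and container inheritance, on C:\ProgramData\Oracle\Java\.oracle_jre_usage. Two caveats before scoring it: the .oracle_jre_usage directory belongs to the Oracle JRE's usage tracker, and the same icacls call appears when java.exe starts other jars in these images, so confirm it against a known-benign jar on the same image before attributing it to hideme.jar; and the two WriteProcessMemory IoCs are a parent writing into the child it has just created, which ordinary process creation also does, so on their own they carry little weight. The script below is an added example, not part of the report or of the analysed project. It tokenises the Windows command line, parses the icacls target, its /grant ACEs (grantee, inheritance flags, simple or specific rights) and /T, rates grants to broad principals with write rights, and separates the JRE usage-tracker case by path and parent so that the same parent granting elsewhere is still flagged. The process records are constructed from the tree above plus invented variants; the grantee list, write-rights sets and JRE path are assumptions of this example, not a reference.

```python
"""Triage an icacls ACL change seen in a sandbox process tree.

Added example: parses the icacls command line, rates any /grant to a broad
principal with write rights, and separates the Oracle JRE usage-tracker case
(java.exe granting on ...\\Oracle\\Java\\.oracle_jre_usage) from grants a
sample makes elsewhere. Records below are constructed from the report's
process tree plus invented variants; grantee, rights and path lists are
assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# A Windows command-line token is a run of quoted segments and unquoted non-space
# characters, so "everyone":(OI)(CI)M stays one token and backslashes survive.
TOKEN_RE = re.compile(r'(?:"[^"]*"|[^\s"])+')
# One icacls ACE: <grantee>:<inheritance flags><simple right | (specific rights)>
ACE_RE = re.compile(
    r"^(?P<grantee>[^:]+):"
    r"(?P<inherit>(?:\((?:OI|CI|IO|NP|I)\))*)"
    r"(?P<rights>\([A-Z,]+\)|[A-Z]+)$"
)

# Assumption: principals that amount to "any local user" for rating purposes.
BROAD_GRANTEES = {"everyone", "users", "authenticated users", "builtin\\users",
                  "*s-1-1-0", "*s-1-5-11", "*s-1-5-32-545"}
SIMPLE_WRITE = {"F", "M", "W", "D"}            # icacls simple rights that allow writing
SPECIFIC_WRITE = {"WD", "AD", "WEA", "WA", "WDAC", "WO", "GW", "GA", "DE", "DC"}
# Assumption: the Oracle JRE usage-tracker directory, as it appears in the report.
JRE_USAGE_DIR = "\\oracle\\java\\.oracle_jre_usage"


@dataclass
class Grant:
    grantee: str
    inherit: List[str]   # e.g. ["OI", "CI"]
    rights: str          # "M" or "(DE,WD)"

    @property
    def inherits(self) -> bool:
        return "OI" in self.inherit or "CI" in self.inherit

    @property
    def writes(self) -> bool:
        if self.rights.startswith("("):
            return bool(SPECIFIC_WRITE & set(self.rights.strip("()").split(",")))
        return self.rights in SIMPLE_WRITE


@dataclass
class IcaclsCall:
    target: str
    grants: List[Grant]
    recursive: bool      # /T was given


@dataclass
class ProcEvent:
    image: str
    pid: int
    parent_image: str    # "" when the report does not show it
    cmdline: str


def tokenize(cmdline: str) -> List[str]:
    return [t.replace('"', "") for t in TOKEN_RE.findall(cmdline)]


def parse_icacls(cmdline: str) -> Optional[IcaclsCall]:
    toks = tokenize(cmdline)
    if not toks or re.split(r"[\\/]", toks[0])[-1].lower() not in ("icacls", "icacls.exe"):
        return None
    target, grants, recursive, i = "", [], False, 1
    while i < len(toks):
        tok = toks[i]
        if tok.lower() == "/t":
            recursive = True
        elif tok.lower().startswith("/grant"):      # /grant or /grant:r, ACEs follow until the next switch
            while i + 1 < len(toks) and not toks[i + 1].startswith("/"):
                i += 1
                m = ACE_RE.match(toks[i])
                if m:
                    grants.append(Grant(m["grantee"], re.findall(r"\((\w+)\)", m["inherit"]), m["rights"]))
        elif not tok.startswith("/") and not target:
            target = tok                             # first non-switch argument is the object
        i += 1
    return IcaclsCall(target, grants, recursive)


def assess(ev: ProcEvent) -> str:
    call = parse_icacls(ev.cmdline)
    if call is None:
        return "not-icacls"
    broad = [g for g in call.grants if g.grantee.lower() in BROAD_GRANTEES and g.writes]
    if not broad:
        return "icacls:narrow-grant"
    # java.exe granting on the JRE usage-tracker directory is treated as JRE start-up rather than
    # sample behaviour; keyed on the path, so the same parent granting elsewhere is not excused.
    if ev.parent_image.lower() == "java.exe" and call.target.lower().endswith(JRE_USAGE_DIR):
        return "icacls:jre-usage-tracker"
    scope = "recursive" if call.recursive or any(g.inherits for g in broad) else "single-object"
    return f"icacls:over-permissive:{scope}"


# Constructed records: the first two follow the report's process tree, the rest are invented.
SAMPLE_EVENTS = [
    ProcEvent("java.exe", 1704, "",
              r"java -jar C:\Users\Admin\AppData\Local\Temp\macjihuo-2022\micool_macconfig\configfile\micool\plugins\hideme.jar"),
    ProcEvent("icacls.exe", 2308, "java.exe",
              r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M'),
    ProcEvent("icacls.exe", 4120, "cmd.exe", r"icacls C:\Users\Public\Share /grant Users:(OI)(CI)F /T"),
    ProcEvent("icacls.exe", 4121, "cmd.exe", r"icacls.exe C:\app\service.log /grant Administrators:F"),
    ProcEvent("icacls.exe", 4122, "java.exe", r"icacls.exe C:\ProgramData\stage /grant *S-1-1-0:(OI)(CI)(DE,WD)"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(f"{ev.pid:>5} {ev.image:<11} parent={ev.parent_image or '?':<10} {assess(ev)}")
```

Run against the report's own icacls line the verdict is the usage-tracker case; the invented java.exe record that grants *S-1-1-0 write rights on a different directory is still rated over-permissive, which is the point of keying the allowlist on the target path rather than on the parent process alone.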
Network
MITRE ATT&CK Enterprise v15
Downloads
  Filesize: 46B
  MD5: 6949ebf6daafd767395fbe0db55cf4fa
  SHA1: d8f2f1542d31463974151c23e2e00ca9637051fb
  SHA256: ae4d3c3546535bdd215ee2bc17918f5e14567d1b7047ce06ae683f571a3d1080
  SHA512: e9eb75cf6cc813d75607858ce2d7da79eb5524de9270f1e8c639ba0864dc95fd3503829aaf147d7ce111859dbbbc09cb102ba6dcdaff4df18c081ce9a0622ccf