Overview
7 Static
1 macjihuo-2022/mac.sh ubuntu-18.04-amd64
3 macjihuo-2022/mac.sh debian-9-armhf
1 macjihuo-2022/mac.sh debian-9-mips
macjihuo-2022/mac.sh debian-9-mipsel
macjihuo-2...ol.jar windows7-x64
1 macjihuo-2...ol.jar windows10-2004-x64
7 macjihuo-2...ol.jar windows7-x64
1 macjihuo-2...ol.jar windows10-2004-x64
7 macjihuo-2...ns.jar windows7-x64
1 macjihuo-2...ns.jar windows10-2004-x64
7 macjihuo-2...me.jar windows7-x64
1 macjihuo-2...me.jar windows10-2004-x64
7 macjihuo-2....1.jar windows7-x64
1 macjihuo-2....1.jar windows10-2004-x64
7 macjihuo-2...ap.jar windows7-x64
1 macjihuo-2...ap.jar windows10-2004-x64
7 macjihuo-2...er.jar windows7-x64
1 macjihuo-2...er.jar windows10-2004-x64
7 macjihuo-2...rl.jar windows7-x64
1 macjihuo-2...rl.jar windows10-2004-x64
7 macjihuo-2...17.jar windows7-x64
1 macjihuo-2...17.jar windows10-2004-x64
7 macjihuo-2...18.jar windows7-x64
1 macjihuo-2...18.jar windows10-2004-x64
7 macjihuo-2...19.jar windows7-x64
1 macjihuo-2...19.jar windows10-2004-x64
7 macjihuo-2...nd.jar windows7-x64
1 macjihuo-2...nd.jar windows10-2004-x64
7 macjihuo-2...ea.jar windows7-x64
1 macjihuo-2...ea.jar windows10-2004-x64
7 macjihuo-2...rm.jar windows7-x64
1 macjihuo-2...rm.jar windows10-2004-x64
7 Analysis
- max time kernel: 91s
- max time network: 105s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
- submitted: 06-06-2024 12:31
Static task: static1
Behavioral task behavioral1: Sample macjihuo-2022/mac.sh, Resource ubuntu1804-amd64-20240508-en
Behavioral task behavioral2: Sample macjihuo-2022/mac.sh, Resource debian9-armhf-20240226-en
Behavioral task behavioral3: Sample macjihuo-2022/mac.sh, Resource debian9-mipsbe-20240418-en
Behavioral task behavioral4: Sample macjihuo-2022/mac.sh, Resource debian9-mipsel-20240418-en
Behavioral task behavioral5: Sample macjihuo-2022/micool_macconfig/configfile/micool.jar, Resource win7-20240221-en
Behavioral task behavioral6: Sample macjihuo-2022/micool_macconfig/configfile/micool.jar, Resource win10v2004-20240226-en
Behavioral task behavioral7: Sample macjihuo-2022/micool_macconfig/configfile/micool/micool.jar, Resource win7-20240221-en
Behavioral task behavioral8: Sample macjihuo-2022/micool_macconfig/configfile/micool/micool.jar, Resource win10v2004-20240508-en
Behavioral task behavioral9: Sample macjihuo-2022/micool_macconfig/configfile/micool/plugins/dns.jar, Resource win7-20240221-en
Behavioral task behavioral10: Sample macjihuo-2022/micool_macconfig/configfile/micool/plugins/dns.jar, Resource win10v2004-20240426-en
Behavioral task behavioral11: Sample macjihuo-2022/micool_macconfig/configfile/micool/plugins/hideme.jar, Resource win7-20240221-en
Behavioral task behavioral12: Sample macjihuo-2022/micool_macconfig/configfile/micool/plugins/hideme.jar, Resource win10v2004-20240508-en
Behavioral task behavioral13: Sample macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap-v1.0.1.jar, Resource win7-20240508-en
Behavioral task behavioral14: Sample macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap-v1.0.1.jar, Resource win10v2004-20240508-en
Behavioral task behavioral15: Sample macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap.jar, Resource win7-20240419-en
Behavioral task behavioral16: Sample macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap.jar, Resource win10v2004-20240426-en
Behavioral task behavioral17: Sample macjihuo-2022/micool_macconfig/configfile/micool/plugins/power.jar, Resource win7-20231129-en
Behavioral task behavioral18: Sample macjihuo-2022/micool_macconfig/configfile/micool/plugins/power.jar, Resource win10v2004-20240508-en
Behavioral task behavioral19: Sample macjihuo-2022/micool_macconfig/configfile/micool/plugins/url.jar, Resource win7-20240221-en
Behavioral task behavioral20: Sample macjihuo-2022/micool_macconfig/configfile/micool/plugins/url.jar, Resource win10v2004-20240226-en
Behavioral task behavioral21: Sample macjihuo-2022/micool_macconfig/configfile/micool2017.jar, Resource win7-20240221-en
Behavioral task behavioral22: Sample macjihuo-2022/micool_macconfig/configfile/micool2017.jar, Resource win10v2004-20240508-en
Behavioral task behavioral23: Sample macjihuo-2022/micool_macconfig/configfile/micool2018.jar, Resource win7-20240220-en
Behavioral task behavioral24: Sample macjihuo-2022/micool_macconfig/configfile/micool2018.jar, Resource win10v2004-20240508-en
Behavioral task behavioral25: Sample macjihuo-2022/micool_macconfig/configfile/micool2019.jar, Resource win7-20240221-en
Behavioral task behavioral26: Sample macjihuo-2022/micool_macconfig/configfile/micool2019.jar, Resource win10v2004-20240508-en
Behavioral task behavioral27: Sample macjihuo-2022/micool_macconfig/configfile/yz/active-agt-goland.jar, Resource win7-20240215-en
Behavioral task behavioral28: Sample macjihuo-2022/micool_macconfig/configfile/yz/active-agt-goland.jar, Resource win10v2004-20240508-en
Behavioral task behavioral29: Sample macjihuo-2022/micool_macconfig/configfile/yz/active-agt-idea.jar, Resource win7-20240221-en
Behavioral task behavioral30: Sample macjihuo-2022/micool_macconfig/configfile/yz/active-agt-idea.jar, Resource win10v2004-20240508-en
Behavioral task behavioral31: Sample macjihuo-2022/micool_macconfig/configfile/yz/active-agt-phpstorm.jar, Resource win7-20240508-en
Behavioral task behavioral32: Sample macjihuo-2022/micool_macconfig/configfile/yz/active-agt-phpstorm.jar, Resource win10v2004-20240508-en
General
- Target: macjihuo-2022/micool_macconfig/configfile/micool2019.jar
- Size: 2.3MB
- MD5: b7650f3603805693d7633b64a755b416
- SHA1: de72619132579a7fde5a441f880955087d32f6ed
- SHA256: e3055d5b636b39d5609b8cfa28da2d8955615985fad53a5c27baac51cadbc698
- SHA512: 55c059b134c705460fc6ae4d5a1e87890dcda2a9dd8f587e6941f9003851fc703d04789d8ef58fd9e625fef86fc3a5cddebc2c25765a0444942da32f97d21ef0
- SSDEEP: 49152:gxb6HEDaGHPVguuB1Gfgl5lXsfYCtfoPios0FNFDBrcLEmuYS:gxb6kDJH9dfglTXaltKioRfiEmu9
Malware Config
Signatures
- Modifies file permissions (1 TTPs, 1 IoCs)
- Suspicious use of SetWindowsHookEx (4 IoCs)
  Processes (pid, process):
  1400 java.exe
  1400 java.exe
  1400 java.exe
  1400 java.exe
- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes (description, pid, process, target process):
  PID 1400 wrote to memory of 720, 1400, java.exe, icacls.exe
  PID 1400 wrote to memory of 720, 1400, java.exe, icacls.exe
Processes
- (1) C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\macjihuo-2022\micool_macconfig\configfile\micool2019.jar
  PID: 1400
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - (2, child of 1) C:\Windows\system32\icacls.exe
    Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    PID: 720
    - Modifies file permissions
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
  MD5: 3ecfd3a15ec5e7ed2515b1a5eadccb97
  SHA1: f4a57fe6caea99b2a9ae6a893be90d2c46f3dab2
  SHA256: cf7f77b1a0c1d0b9a435ed64ceeb222eac204ba6934a78e89aed5ceb374dd674
  SHA512: 155ac125458b8a608b95a21c9ad446973a981ada01f5a0b20b6a11b2085ba8bd98420cfba1e18a56a188ff04cf62f63c54dec26b3a4657169da639375c939220