Overview
Analysis
max time kernel: 133s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-06-2024 12:31
Static task: static1
Behavioral tasks (task: sample, resource):
behavioral1: macjihuo-2022/mac.sh, ubuntu1804-amd64-20240508-en
behavioral2: macjihuo-2022/mac.sh, debian9-armhf-20240226-en
behavioral3: macjihuo-2022/mac.sh, debian9-mipsbe-20240418-en
behavioral4: macjihuo-2022/mac.sh, debian9-mipsel-20240418-en
behavioral5: macjihuo-2022/micool_macconfig/configfile/micool.jar, win7-20240221-en
behavioral6: macjihuo-2022/micool_macconfig/configfile/micool.jar, win10v2004-20240226-en
behavioral7: macjihuo-2022/micool_macconfig/configfile/micool/micool.jar, win7-20240221-en
behavioral8: macjihuo-2022/micool_macconfig/configfile/micool/micool.jar, win10v2004-20240508-en
behavioral9: macjihuo-2022/micool_macconfig/configfile/micool/plugins/dns.jar, win7-20240221-en
behavioral10: macjihuo-2022/micool_macconfig/configfile/micool/plugins/dns.jar, win10v2004-20240426-en
behavioral11: macjihuo-2022/micool_macconfig/configfile/micool/plugins/hideme.jar, win7-20240221-en
behavioral12: macjihuo-2022/micool_macconfig/configfile/micool/plugins/hideme.jar, win10v2004-20240508-en
behavioral13: macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap-v1.0.1.jar, win7-20240508-en
behavioral14: macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap-v1.0.1.jar, win10v2004-20240508-en
behavioral15: macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap.jar, win7-20240419-en
behavioral16: macjihuo-2022/micool_macconfig/configfile/micool/plugins/mymap.jar, win10v2004-20240426-en
behavioral17: macjihuo-2022/micool_macconfig/configfile/micool/plugins/power.jar, win7-20231129-en
behavioral18: macjihuo-2022/micool_macconfig/configfile/micool/plugins/power.jar, win10v2004-20240508-en
behavioral19: macjihuo-2022/micool_macconfig/configfile/micool/plugins/url.jar, win7-20240221-en
behavioral20: macjihuo-2022/micool_macconfig/configfile/micool/plugins/url.jar, win10v2004-20240226-en
behavioral21: macjihuo-2022/micool_macconfig/configfile/micool2017.jar, win7-20240221-en
behavioral22: macjihuo-2022/micool_macconfig/configfile/micool2017.jar, win10v2004-20240508-en
behavioral23: macjihuo-2022/micool_macconfig/configfile/micool2018.jar, win7-20240220-en
behavioral24: macjihuo-2022/micool_macconfig/configfile/micool2018.jar, win10v2004-20240508-en
behavioral25: macjihuo-2022/micool_macconfig/configfile/micool2019.jar, win7-20240221-en
behavioral26: macjihuo-2022/micool_macconfig/configfile/micool2019.jar, win10v2004-20240508-en
behavioral27: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-goland.jar, win7-20240215-en
behavioral28: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-goland.jar, win10v2004-20240508-en
behavioral29: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-idea.jar, win7-20240221-en
behavioral30: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-idea.jar, win10v2004-20240508-en
behavioral31: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-phpstorm.jar, win7-20240508-en
behavioral32: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-phpstorm.jar, win10v2004-20240508-en
General
Target: macjihuo-2022/micool_macconfig/configfile/yz/active-agt-goland.jar
Size: 47KB
MD5: 2fa1b1364515dce93eb67c423b570deb
SHA1: 2a723c2ef30be4a5c167c6639bf9ec0b9c7e7ca2
SHA256: 3acc4e9d91793f6909458a4761b75b6da45c8868e75dca33c9fec63659202995
SHA512: 0b6cf7caf6d48419251d0aa1ccf280536eb20b1f108f874a9ce86943601c2317833031578fc869366e3bc40dedfabfd64527598ea63b879bc77f82a9a218766b
SSDEEP: 768:Oh7IDIGjwZyHIwcctMtI+xIfo1UC6cB+P9146lp3fbYHfkWvQdptYc4klY:KSIG0ZuIQMtI+xIrTcB034673fbgvYI
Malware Config
Signatures
- Modifies file permissions (1 TTPs, 1 IoCs)
- Suspicious use of WriteProcessMemory (2 IoCs)
Processes (WriteProcessMemory IoCs):
description | pid | process | target process
PID 2280 wrote to memory of 1488 | 2280 | java.exe | icacls.exe
PID 2280 wrote to memory of 1488 | 2280 | java.exe | icacls.exe
Processes
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe (PID 2280)
  Command line: java -jar C:\Users\Admin\AppData\Local\Temp\macjihuo-2022\micool_macconfig\configfile\yz\active-agt-goland.jar
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\icacls.exe (PID 1488, child of PID 2280)
    Command line: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    Signature: Modifies file permissions
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3164)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4360,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=4584 /prefetch:8
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
  MD5: 2268ec75f82d72ffd738cee8f24b7b43
  SHA1: 9dd842ace0e6b515e7fff8f9a9fa9008b1ec7b15
  SHA256: c824118f582e1ff0ead001530db226b6ca26094274a938095b7ea35196cd519a
  SHA512: c438a873fc6df5914cd9eb220a9855269ec3b4a2b3e2238b8b32f7579dcdac3cce00c27d33d893644fbb9d32ad9771c71c3c892686d147902127512eef0dcebc