General
- Target: jre-8u411-windows-any-cpu.exe
- Size: 348KB
- Sample: 240611-knx9da1brb
- MD5: 41a0869c7f66610995d939d4173c2ee4
- SHA1: 1977fb6d25be844b25cee5b79a6283c129119519
- SHA256: 9a2a6e29f171357e85f8e28ce5324c2dd2603265bfb5e91faa3164028d1b6846
- SHA512: 78aa392e8eb5217db0d2201074ab4f876267551c8538bd495e8d471a0e18e3f58e59d4c56e2d740cd6ab41b063168f33fa1e6b87fbe23fefcc8a1bfabc875c43
- SSDEEP: 6144:ykiaui+L99PmvirP2wqdccEeEfT6f39n30NznWQXgIv:yrlrPmKGLn3ezz3v
Static task
- static1
Behavioral task
- behavioral1: sample jre-8u411-windows-any-cpu.exe, resource win10-20240404-en
Behavioral task
- behavioral2: sample jre-8u411-windows-any-cpu.exe, resource win10v2004-20240508-en
Behavioral task
- behavioral3: sample jre-8u411-windows-any-cpu.exe, resource win11-20240508-en
Malware Config
Targets
- Target: jre-8u411-windows-any-cpu.exe (348KB; hashes identical to those listed under General)
- Score: 7/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)