General

  • Target

    jre-8u411-windows-any-cpu.exe

  • Size

    348KB

  • Sample

    240611-knx9da1brb

  • MD5

    41a0869c7f66610995d939d4173c2ee4

  • SHA1

    1977fb6d25be844b25cee5b79a6283c129119519

  • SHA256

    9a2a6e29f171357e85f8e28ce5324c2dd2603265bfb5e91faa3164028d1b6846

  • SHA512

    78aa392e8eb5217db0d2201074ab4f876267551c8538bd495e8d471a0e18e3f58e59d4c56e2d740cd6ab41b063168f33fa1e6b87fbe23fefcc8a1bfabc875c43

  • SSDEEP

    6144:ykiaui+L99PmvirP2wqdccEeEfT6f39n30NznWQXgIv:yrlrPmKGLn3ezz3v

Score
7/10

Targets

  • Checks computer location settings

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE

  • Adds Run key to start application

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.
