Overview

overview

8

Static

static

1

JDownloaderSetup.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JDownloaderSetup.exe

  • Size

    30.3MB

  • Sample

    240621-3ce8javeqe

  • MD5

    c3c3b50075bd5c87cf500c255dd833fd

  • SHA1

    0b3593f15ebc8424919857d08d016b2cda2b5161

  • SHA256

    a43fa3db0a053119f73a7422453e54318a258a947e8c0fda294b09c52b7459fc

  • SHA512

    f9bd8c26a63b3d7cf6d6f0686a93720f9d3007ae2f196bf195815761b5a38f9fb81f2de6400abd842cc634ab68a14db6741436295a0d667e0b51099dbaf13c9d

  • SSDEEP

    786432:w+gAvXxM03iJzr2tqG533+iRdJEozAw5P0r:w+tG0SJuJpOdoh90r

Score
8/10
discoveryexecutionpersistenceprivilege_escalationspywarestealer

Malware Config

Targets

    • Target

      JDownloaderSetup.exe

    • Size

      30.3MB

    • MD5

      c3c3b50075bd5c87cf500c255dd833fd

    • SHA1

      0b3593f15ebc8424919857d08d016b2cda2b5161

    • SHA256

      a43fa3db0a053119f73a7422453e54318a258a947e8c0fda294b09c52b7459fc

    • SHA512

      f9bd8c26a63b3d7cf6d6f0686a93720f9d3007ae2f196bf195815761b5a38f9fb81f2de6400abd842cc634ab68a14db6741436295a0d667e0b51099dbaf13c9d

    • SSDEEP

      786432:w+gAvXxM03iJzr2tqG533+iRdJEozAw5P0r:w+tG0SJuJpOdoh90r

    Score
    8/10
    discoveryexecutionpersistenceprivilege_escalationspywarestealer

    • Creates new service(s)

      persistenceexecution

    • Sets service image path in registry

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks for any installed AV software in registry

    • Downloads MZ/PE file

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

Software Discovery

1
T1518

Security Software Discovery

1
T1518.001

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks