General
Target: JJSploit_7.3.0_x86_en-US.msi
Size: 5.8MB
Sample: 240713-savkbsvgjp
MD5: 9c232fe2ede51929244afc5c67e53b51
SHA1: 8e8bb0eda09d25c1f44b8abd66a7e15a414b76f5
SHA256: 1985fdbec700334fbb2c907f37a102930744e6b3e9198c25f516eae9f6854e9b
SHA512: d7ba56ed15a4bb482a69543e6bfe11d0aed4bf6b6b037d51dc2d191e1eaae187d1297bbb7c847d73259c34bb9ee26f26f3689c2592b4ff92968101303be61492
SSDEEP: 98304:57AC5TdoYMyLSRpyviWkKPm7I2lLYaQ9OoSwYQf9Ib9XuvmhueA34SHeFblFY6nm:/T+USRLWtPm/O9SwYmIb9S5K3F6Wa
Static task: static1
Behavioral task: behavioral1
Sample: JJSploit_7.3.0_x86_en-US.msi
Resource: win10v2004-20240709-en
Malware Config
Targets
Target: JJSploit_7.3.0_x86_en-US.msi (5.8MB; hashes identical to those listed under General)
Blocklisted process makes network request
Downloads MZ/PE file
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Event Triggered Execution: Image File Execution Options Injection
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
MITRE ATT&CK Enterprise v15
Persistence
  Event Triggered Execution (3)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
    Installer Packages (1)
Privilege Escalation
  Event Triggered Execution (3)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
    Installer Packages (1)