3eb4be5f6ac0e8ecbc0625e3904827568ec32a8301f093df059a4e64a9fece71 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

survivalfr....1.jar

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

survivalfriendly_npcs-1.0.1.jar
Size

24KB
Sample

240727-vxethazejn
MD5

a429fd9146e4194e9725df1e6f85de4d
SHA1

1e3ae9969888296b11a372d15cc91e3c9747c76c
SHA256

3eb4be5f6ac0e8ecbc0625e3904827568ec32a8301f093df059a4e64a9fece71
SHA512

3d82fe74b9e924bc67da6873382da6e52b30d798d9f71fc4d3f75d39b264e33bbfcbf15c4691ee1fdeaf735d1cc80747065a0e6b160cca144b41d164ad73133b
SSDEEP

384:Gn+p7tlEaHR8WmyZDejxkh3lve0K6n+NSwfZFttU8omAiahLvO5AdAa:Gnu7ty67BVe0K6YSwztZ5AiovO5yr

Score

7^/10

defense_evasion discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

survivalfriendly_npcs-1.0.1.jar

Resource

win10v2004-20240709-en

defense_evasion discovery execution

windows10-2004-x64

31 signatures

1800 seconds

Malware Config

Targets

- Target
  
  survivalfriendly_npcs-1.0.1.jar
- Size
  
  24KB
- MD5
  
  a429fd9146e4194e9725df1e6f85de4d
- SHA1
  
  1e3ae9969888296b11a372d15cc91e3c9747c76c
- SHA256
  
  3eb4be5f6ac0e8ecbc0625e3904827568ec32a8301f093df059a4e64a9fece71
- SHA512
  
  3d82fe74b9e924bc67da6873382da6e52b30d798d9f71fc4d3f75d39b264e33bbfcbf15c4691ee1fdeaf735d1cc80747065a0e6b160cca144b41d164ad73133b
- SSDEEP
  
  384:Gn+p7tlEaHR8WmyZDejxkh3lve0K6n+NSwfZFttU8omAiahLvO5AdAa:Gnu7ty67BVe0K6YSwztZ5AiovO5yr
Score

7^/10

defense_evasion discovery execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecution

© 2018-2025

Terms | Privacy