General

  • Target

    JJSploit_8.10.11_x64_en-US.msi

  • Size

    5.0MB

  • Sample

    241109-1mecwaskb1

  • MD5

    190d3be205525ee48e3ca0a3d6fce256

  • SHA1

    cdf09c9b04b8e6ed1ce6ea017ee821cbd6e53ba5

  • SHA256

    a6f64d8f09f87379ebb9479366d0ec4a56e60c9c7b2e162af668be2beb9756d9

  • SHA512

    28c6251668f14082abc387d1ef8bdc8acb0d62f258ce1d229814092057ee2e7dab3bc585d648a4ce8ebac3bf0dee09842d7defa5df450891347b3aeaca20df09

  • SSDEEP

    98304:GImWIIu6k5Wswf4SjCJK7DT3CmkVZ/AKEaqjD97FuGyytYDit7OcIHv8m:1mR66KwSjSKHrCSv7FugZPI

Malware Config

Targets

    • Target

      JJSploit_8.10.11_x64_en-US.msi

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15