General

  • Target

    jdk-8u191-windows-i586.exe

  • Size

    197.3MB

  • Sample

    241117-krx3sazqdn

  • MD5

    50cfd28a3a3243bc5e9be096a3b9fd97

  • SHA1

    bc8f26edb5d1b6d93459405da76bc52c9b882e69

  • SHA256

    a92fce986622e9846b93e396a7eda6214e7f7ea90860794c934f423c10813622

  • SHA512

    859e7cc427a5ea990dd3b5301d0bb68aceac9b32f62363d5d21ed90ad45a7a7912d201dc276786bfcfb18a8683776623c7b78c4ad06c4f8002033bfaa6e8855e

  • SSDEEP

    6291456:TRcAp+FfSMhbAOo8ZycQv15tZ8YpG+sdjjceHAk8iaKmh:TRcAp4SWAURo5MAHojjjHEiaT

Targets

    • Target

      jdk-8u191-windows-i586.exe

    • A potential corporate email address has been identified in the URL: SofiaSansExtraCondenseditalwght@1800

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15