General
-
Target
jre-8u51-windows-x64.exe
-
Size
41.2MB
-
Sample
241120-242eeaznar
-
MD5
b9919195f61824f980f4a088d7447a11
-
SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3
-
SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01
-
SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6
-
SSDEEP
786432:lIL77/mXteC+c78UZnibhhr7pYA/NSkv7JrpzUyHTrD0N6U1cNYGOtss:lK7gf3iLrNYrk1rpwyPD0N6vYGOtT
Malware Config
Targets
-
-
Target
jre-8u51-windows-x64.exe
-
Size
41.2MB
-
MD5
b9919195f61824f980f4a088d7447a11
-
SHA1
447fd1f59219282ec5d2f7a179ac12cc072171c3
-
SHA256
3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01
-
SHA512
d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6
-
SSDEEP
786432:lIL77/mXteC+c78UZnibhhr7pYA/NSkv7JrpzUyHTrD0N6U1cNYGOtss:lK7gf3iLrNYrk1rpwyPD0N6vYGOtT
Score7/10-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-