Overview

overview

10

Static

static

10

java-main/Java.exe

windows7-x64

7

java-main/Java.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b1be4444a1c9e3beeb86ea8ed75f8fbc69b5e4a565ebf16a2385be5c5efc0de4

  • Size

    7.5MB

  • Sample

    241128-pkk7vsxlgy

  • MD5

    550456c25599ec9f0a8aa20bce955bb1

  • SHA1

    c95e63a5b0dae9fad41c9c03f12ce3d6c21fd216

  • SHA256

    b1be4444a1c9e3beeb86ea8ed75f8fbc69b5e4a565ebf16a2385be5c5efc0de4

  • SHA512

    00948d26eb82233cf802a0db8a5122d8603f3817c189f2d2a33863764af8094aaa9d62df8cfd2e3393c418536c519f91402a0e05e79c0097e4b437d0076c9e22

  • SSDEEP

    196608:pYhO39e/ZP6r7RWJP4TBAyk6F6jcTDe0x:xgAr7EV46/6F6jcG0x

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealerupx

Malware Config

Targets

    • Target

      java-main/Java.exe

    • Size

      7.7MB

    • MD5

      5225e7a08d8ca882a6d4de497c10591a

    • SHA1

      d7deeed0a48d8806dec4280c4e47c1ab27c5e604

    • SHA256

      2f6a9b3a5d9e2c81e77cd2c32ea4de6a639410388bc645eb4c254bbc9820a925

    • SHA512

      b8f2608e57c2a3f97dbdef7c99a8da0075f798f6d6edfe971b41b99dc2d31b05dad8583c91a83fdbf16f1cc70589c8f89b73b1a895a0d54e404389c6290687ab

    • SSDEEP

      98304:EFDjWM8JEClksfxCamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfFSpXq7eRfo/TF:EF0RfheNTfm/pf+xk4dNSESR4/LvVoyD

    Score
    8/10
    upxcollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks