Overview

overview

10

Static

static

10

yedek-main/Ja4va.jar

windows7-x64

1

yedek-main/Ja4va.jar

windows10-2004-x64

10

yedek-main/Java.jar

windows7-x64

1

yedek-main/Java.jar

windows10-2004-x64

10

yedek-main...nt.exe

windows7-x64

7

yedek-main...nt.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ad426172639516e2dd5e98c32f670db5457065c05f8ab87269459eebb057552.zip

  • Size

    10.5MB

  • Sample

    241218-cx45aazpgm

  • MD5

    d89f52e79b2fbd1e4a26949deba20c9e

  • SHA1

    9cad352e8541858d742c4bc34caa9e489ea1207f

  • SHA256

    4ad426172639516e2dd5e98c32f670db5457065c05f8ab87269459eebb057552

  • SHA512

    051863854282542e5605cea6a440c8173a9e34be7e66c4c780653765545e01a60fb4ddc59ec66ab4c193918712b49e6fdacffe543757a37dd43d4415b0ade13d

  • SSDEEP

    196608:mdPn96e6pdPn96e6+iiXX2vNZobVUr/49UG2xcz2pLlJLOhhOZjk/Wvv42cH:mdPI3pdPI3+i/joxU72UG2ezSJJqhh5z

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionspywarestealertrojanupx

Malware Config

Targets

    • Target

      yedek-main/Ja4va.jar

    • Size

      1.7MB

    • MD5

      6d729b3dda0471989f1efdf02abfe1b5

    • SHA1

      c8273107db98ac14930dd01f2fff66ebb7cc8df4

    • SHA256

      d1200740675d379b2aae43691a3014912bcd413b717cecb90e49cd640e31fd61

    • SHA512

      4bd26fec9dbf840aa77770cbb7f392c77557e85f0beff8ce888df5b1fc942952e34b7617f03087fa24272cc662bc47949c6083efbb923f6c23db4e9b8866b8f3

    • SSDEEP

      24576:X5yR2a7sHTRRWyQZuGTlC9zcg4I8Rt0GR5SJrr7ST+GlGQTIL3wIkmv8DCQmzg:JEOHTRMw8kpxnynRF+GlGQTIL+mUDCQv

    Score
    10/10
    evasiontrojan
    behavioral1behavioral2

    • Target

      yedek-main/Java.jar

    • Size

      1.7MB

    • MD5

      6d729b3dda0471989f1efdf02abfe1b5

    • SHA1

      c8273107db98ac14930dd01f2fff66ebb7cc8df4

    • SHA256

      d1200740675d379b2aae43691a3014912bcd413b717cecb90e49cd640e31fd61

    • SHA512

      4bd26fec9dbf840aa77770cbb7f392c77557e85f0beff8ce888df5b1fc942952e34b7617f03087fa24272cc662bc47949c6083efbb923f6c23db4e9b8866b8f3

    • SSDEEP

      24576:X5yR2a7sHTRRWyQZuGTlC9zcg4I8Rt0GR5SJrr7ST+GlGQTIL3wIkmv8DCQmzg:JEOHTRMw8kpxnynRF+GlGQTIL+mUDCQv

    Score
    10/10
    evasiontrojan
    behavioral3behavioral4

    • Target

      yedek-main/WindowsUpdateAgent.exe

    • Size

      7.4MB

    • MD5

      7d4b7c9479e46227120720f2a2dcccda

    • SHA1

      a85ad8695c5f1703ab6b1abd07eff86b4da4adca

    • SHA256

      94525a0b12c1be31a958bb137d9c1a6f35cef4e9b0c01f95b75981bae5518d93

    • SHA512

      c0cb31863256206f4c0e39d3baa8d5869e2cab630b3f9e1453d45964b054ca85ff11c5cf17c157efe84d16dc1f413f27cb762dfa1a0ab8f2a4556d901faa3c07

    • SSDEEP

      196608:xmlEzPoLjv+bhqNVoB8Ck5c7GpNlpq41J2Jbk9qtlDf6s0:ChL+9qz88Ck+7q3p91JBqfJ0

    Score
    8/10
    upxcollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

2
T1112

Obfuscated Files or Information

1
T1027

Command Obfuscation

1
T1027.010

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Discovery

Browser Information Discovery

1
T1217

Process Discovery

1
T1057

System Information Discovery

3
T1082

Lateral Movement

Collection

Clipboard Data

1
T1115

Data from Local System

2
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks