General
-
Target
javs.exe
-
Size
645KB
-
Sample
250305-egdnhaxzdw
-
MD5
b7f4ecc258e5795b93cf4c8239d80cae
-
SHA1
457b52c2e260527ec6a648cac7b5170125f8952a
-
SHA256
f5f915bab2da6d58e9c07823cd89594f631425a041cd2e642b5f1a64ca23203e
-
SHA512
94578f60c1d5b0ca637047a52df3109c1233f8a9a790640af245cef59c74b5f8a0eb988b917fbdb3f1822ac339cea2e3679db06e3babca8e3455ea7681120fc0
-
SSDEEP
12288:upcJsqHRb0bgiB+/iVWRTPwbmA20i4o+nsltXS879jKVoMNug9Szi:upcJsobEg4vVWRjwbmAS47nsP79jioVr
Static task
static1
Behavioral task
behavioral1
Sample
javs.exe
Resource
win7-20240903-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.mail.com - Port:
587 - Username:
[email protected] - Password:
malaysia25
Targets
-
-
Target
javs.exe
-
Size
645KB
-
MD5
b7f4ecc258e5795b93cf4c8239d80cae
-
SHA1
457b52c2e260527ec6a648cac7b5170125f8952a
-
SHA256
f5f915bab2da6d58e9c07823cd89594f631425a041cd2e642b5f1a64ca23203e
-
SHA512
94578f60c1d5b0ca637047a52df3109c1233f8a9a790640af245cef59c74b5f8a0eb988b917fbdb3f1822ac339cea2e3679db06e3babca8e3455ea7681120fc0
-
SSDEEP
12288:upcJsqHRb0bgiB+/iVWRTPwbmA20i4o+nsltXS879jKVoMNug9Szi:upcJsobEg4vVWRjwbmAS47nsP79jioVr
-
Hawkeye family
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1