General
- Target: jjsploit_8.14.1_x64_en-US.msi
- Size: 6.2MB
- Sample: 250401-t563aavmv2
- MD5: 900a51240149c0317a1a71738f6cecbd
- SHA1: a207e7cac1d2062a5951cee7a4589ba52785e75b
- SHA256: c70f0597c3f2fc5be12b58f9e8c297b09de1f477158b9de398f2068269f9056e
- SHA512: b4db879d590d112a47bd0a7febd2af1c15ff8767daab1d64c202dc081bebce77840badec78f871da182154610cb068a4a52a9dbaac6fd4912580ab55623d6826
- SSDEEP: 196608:tq0rJzreOolU7OITI/ctdw6cFzGZGveapRQ8+qjvo:t3rJklU5TI/ctd9cRCGWC7++o
Static task: static1
Behavioral task: behavioral1
Sample: jjsploit_8.14.1_x64_en-US.msi
Resource: win10v2004-20250314-en
Malware Config
Targets
- Downloads MZ/PE file
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- SIP and Trust Provider Hijacking (1)
- System Binary Proxy Execution (1)
- Msiexec (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)