Windows Analysis Report
MVO4879773357878.jar

Overview

General Information

Sample name:	MVO4879773357878.jar
Analysis ID:	1417504
MD5:	ee75fce2158c3587daa560419f122001
SHA1:	760d09adceeb4903db4130ef0d28654915844d5d
SHA256:	88a9b4cfac5ba3a433942f8f4e489229f0fd694a7f9a78a8b6ca5cc5dc590e00
Tags:	jarSTRRAT
Infos:

Detection

STRRAT

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected STRRAT

Exploit detected, runtime environment starts unknown processes

Contains functionality to query CPU information (cpuid)

Creates a process in suspended mode (likely to inject code)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Tries to load missing DLLs

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Signatures

AV Detection

Antivirus detection for URL or domain

Source: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5	URL Reputation: Label: malware
Source: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5	URL Reputation: Label: malware
Source: http://wshsoft.company/multrdp.jpg	Avira URL Cloud: Label: malware

Found malware configuration

Source: MVO4879773357878.jar

Malware Configuration Extractor: STRRAT {"C2 list": "d4money.dynamic-dns.net:7888", "url": "http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5", "Proxy": "d4money.dynamic-dns.net:7881", "lid": "khonsari", "Startup": "true", "Secondary Startup": "true", "Scheduled Task": "true"}

Multi AV Scanner detection for domain / URL

Source: http://wshsoft.company/multrdp.jpg

Virustotal: Detection: 15%

Perma Link

Multi AV Scanner detection for submitted file

Source: MVO4879773357878.jar	Virustotal: Detection: 45%			Perma Link
Source: MVO4879773357878.jar	ReversingLabs: Detection: 39%

Software Vulnerabilities

Exploit detected, runtime environment starts unknown processes

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

Process created: C:\Windows\System32\conhost.exe

Source: java.exe, 00000002.00000002.2872991367.0000000009D94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2872991367.0000000009DFA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2875197383.0000000016BB5000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1676798758.0000000016B7E000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1677179087.0000000016BAE000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1676858044.0000000016B85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2872991367.0000000009DFA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt
Source: java.exe, 00000002.00000002.2872991367.0000000009D69000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2872991367.0000000009DFA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2872991367.0000000009E04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2875197383.0000000016BB5000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1676798758.0000000016B7E000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1677179087.0000000016BAE000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1676858044.0000000016B85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2872991367.0000000009E04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2872991367.0000000009D69000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2872991367.0000000009E0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2875197383.0000000016BB5000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1676798758.0000000016B7E000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1677179087.0000000016BAE000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1676858044.0000000016B85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://java.oracle.com/
Source: java.exe, 00000002.00000002.2872568836.0000000004B90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
Source: java.exe, 00000002.00000003.1677262279.0000000016B85000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1676798758.0000000016B7E000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.2872991367.0000000009F17000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2872568836.0000000004BDE000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.1676858044.0000000016B85000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.2875177365.0000000016B8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://null.oracle.com/
Source: java.exe, 00000002.00000002.2872991367.0000000009DFA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2875197383.0000000016BB5000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1676798758.0000000016B7E000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1677179087.0000000016BAE000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000003.1676858044.0000000016B85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: java.exe, 00000002.00000002.2872991367.0000000009D99000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.2872991367.0000000009D69000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: CHHXGzeSpzwiJOAtZoSZBJ.class	String found in binary or memory: http://wshsoft.company/multrdp.jpg
Source: DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class	String found in binary or memory: https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar
Source: DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class	String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar
Source: java.exe, 00000002.00000002.2875286809.0000000016CD2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jarXs
Source: DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class	String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar
Source: DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class	String found in binary or memory: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar
Source: java.exe, 00000002.00000002.2875286809.0000000016D0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jarl

System Summary

Malicious sample detected (through community Yara rule)

Source: akllnBiTjwPmAwfMbajsTFm.class, type: SAMPLE	Matched rule: Detects PowerShell content designed to retrieve passwords from host Author: ditekSHen
Source: C:\jar\carLambo\akllnBiTjwPmAwfMbajsTFm.class, type: DROPPED	Matched rule: Detects PowerShell content designed to retrieve passwords from host Author: ditekSHen

Tries to load missing DLLs

Source: C:\Windows\System32\7za.exe	Section loaded: 7z.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\icacls.exe	Section loaded: ntmarta.dll	Jump to behavior

Yara signature match

Source: akllnBiTjwPmAwfMbajsTFm.class, type: SAMPLE	Matched rule: INDICATOR_SUSPICIOUS_PWSH_PasswordCredential_RetrievePassword author = ditekSHen, description = Detects PowerShell content designed to retrieve passwords from host
Source: C:\jar\carLambo\akllnBiTjwPmAwfMbajsTFm.class, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_PWSH_PasswordCredential_RetrievePassword author = ditekSHen, description = Detects PowerShell content designed to retrieve passwords from host

Source: classification engine

Classification label: mal92.troj.expl.winJAR@7/81@0/0

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5764:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6764:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6476:120:WilError_03

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user

Jump to behavior

Source: C:\Windows\System32\7za.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: ETIKYbEhuMLgDjIJSHDmGnlmeMsm.class.0.dr

Binary or memory string: SELECT * FROM logins;

Source: MVO4879773357878.jar	Virustotal: Detection: 45%
Source: MVO4879773357878.jar	ReversingLabs: Detection: 39%

Source: unknown	Process created: C:\Windows\System32\7za.exe 7za.exe x -y -oC:\jar "C:\Users\user\Desktop\MVO4879773357878.jar"
Source: C:\Windows\System32\7za.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe java.exe -jar "C:\Users\user\Desktop\MVO4879773357878.jar" carLambo.FirstRun
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Uses code obfuscation techniques (call, push, ret)

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Code function: 2_2_0262A20A push ecx; ret	2_2_0262A21A
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Code function: 2_2_0262A21B push ecx; ret	2_2_0262A225
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Code function: 2_2_0262BB67 push 00000000h; mov dword ptr [esp], esp	2_2_0262BB8D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Code function: 2_2_0262B3B7 push 00000000h; mov dword ptr [esp], esp	2_2_0262B3DD
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Code function: 2_2_0262B947 push 00000000h; mov dword ptr [esp], esp	2_2_0262B96D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Code function: 2_2_0262C477 push 00000000h; mov dword ptr [esp], esp	2_2_0262C49D

Uses cacls to modify the permissions of files

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: java.exe, 00000002.00000003.1624831012.000000001675B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000002.00000003.1624831012.000000001675B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000002.00000003.1624831012.000000001675B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: java.exe, 00000002.00000002.2873568368.0000000014800000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: cjava/lang/VirtualMachineError
Source: java.exe, 00000002.00000003.1624831012.000000001675B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: java/lang/VirtualMachineError.classPK
Source: java.exe, 00000002.00000002.2872166413.0000000000C7B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 2[Ljava/lang/VirtualMachineError;
Source: java.exe, 00000002.00000002.2872166413.0000000000C7B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

Memory protected: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

Code function: 2_2_026203C0 cpuid

2_2_026203C0

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\1800 VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\meta-index VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation	Jump to behavior

Stealing of Sensitive Information

Yara detected STRRAT

Source: Yara match	File source: 00000002.00000002.2872991367.0000000009D69000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2872568836.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: java.exe PID: 1800, type: MEMORYSTR

Remote Access Functionality

Yara detected STRRAT

Source: Yara match	File source: 00000002.00000002.2872991367.0000000009D69000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2872568836.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: java.exe PID: 1800, type: MEMORYSTR

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	1417504
Product:	CloudBasic
Start time:	13:57:41
Start date:	29.03.2024
Sample:	MVO4879773357878.jar
Cookbook:	defaultwindowsfilecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	ee75fce2158c3587daa560419f122001
SHA1:	760d09adceeb4903db4130ef0d28654915844d5d
SHA256:	88a9b4cfac5ba3a433942f8f4e489229f0fd694a7f9a78a8b6ca5cc5dc590e00
Filetype:	Java Archive (13504/1) 62.80%

Name	Type	MD5	SHA1	SHA256
C:\ProgramData\Oracle\Java\.oracle_jre_usage\b5820291038aa69c.timestamp	ASCII text, with CRLF line terminators	36B845ABB096D2C5CEFEAB5C8DD2C27B	72BE234CB4E546EC45513949555E1D15CF5A7217	92EF2EAB00A18DC9BA6D13B5AE8BDEDC9CA65C2ABB9E6A62E73E590F997DDA34
C:\Users\user\AppData\Local\Temp\hsperfdata_user\1800	data	5078F203FF6CCA9AF77BF78CF6E61FE9	7AD13D28FBE95E8BD5DC9788D980F630224E37F7	BA28DB3D2C5011FD1B92B4CB474D21BA20D5DF8AE390AB45915CE35D13FDB4C2
C:\jar\META-INF\MANIFEST.MF	ASCII text, with CRLF line terminators	6F7AA6C9CC4FF1023229DAA3CF050B83	F2BF9EE184DA208EADDE3C2D83A26E7456FCF71F	7B34819F527D1614282104A88336E1EA36841DED3890FF0FBBE08EECABE804E2
C:\jar\carLambo\AILeJFODIHNyHULMHPDMqXVIZVnaVD.class	compiled Java class data, version 52.0 (Java 1.8)	62B73F4EFA85ACB6CF0DD05675001D65	9C80C3EC15FB2C0A09000435F12F27479190867B	F3280DB497878DD9045C81012E06DC73E788B8FD8D3337CF4B08CAAC672147FA
C:\jar\carLambo\ANLvCFyChcJzVnLHSqeekHx.class	compiled Java class data, version 52.0 (Java 1.8)	3A455E33E1B038A2EB27E634E94DC263	32851EF71D940E9AE3C33491642EACC7ACAD3C35	E86A6B04AFC2D5C002A634B419B5E87445ABDDE4C157FB9F464CBAAE9B632C02
C:\jar\carLambo\AimdQBqtwmRlTmfOwmvjwNywPJZsM.class	compiled Java class data, version 52.0 (Java 1.8)	492B0AF96C2BAF980CD3A09CC47615C6	D35C4F5DDD3CF4BBF9FF61B6335AA7F4575BF6EB	9A61438052DCEE8964F27AE91722C83150DE1045E9CAD81038793045D8260966
C:\jar\carLambo\BAvsXDspdJYXQBvXhSPZNfejgtqGP.class	compiled Java class data, version 52.0 (Java 1.8)	5152A6BD148B6700B12A992DCBB55982	1F16CB86F87582F4981444B92C9A0B7E68FF49CD	9D4E9A2F085B4D2FB6922C96E594F478B840F5B51A540FCC28E0A940572448F5
C:\jar\carLambo\CHHXGzeSpzwiJOAtZoSZBJ.class	compiled Java class data, version 52.0 (Java 1.8)	BD1B10A14E93DAB67D68AB2C58E74013	A3E8C210DEC85574202E835CC7F32D01002BE557	2B696DCE308AB53F537AF6B3ECEB1C52FF8983EED1334BFFAE595F205E5264CB
C:\jar\carLambo\CHHXGzeSpzwiJOAtZoSZBJOdYDRcQU.class	compiled Java class data, version 52.0 (Java 1.8)	394FC20B3017D52C7BCD64A34D07A40C	1764C5351FFC53F164466CDC034B643A6513869C	38C1F74CB89A89D595E87AA40DB3E953C16CBA00BCAAC6B7BE0BE9B15EE34392
C:\jar\carLambo\CMGnAzOSNTsjXgAokPsrvtqOAexQi.class	compiled Java class data, version 52.0 (Java 1.8)	31476A8732061CFFA154BAB1A8A134C7	9EAD48E11BBB7942D236FE262E959D84528D7582	F7734385823230AC7B733FE0260C380A18594F53232006F803B27959E5CAF959
C:\jar\carLambo\CVahPcpwAqEGgjZCgeRHqvzav.class	compiled Java class data, version 52.0 (Java 1.8)	A69B525DBF79DDF76ED42ADAE1707137	24146068576B4AFCCE7898D1A0ED395733AE3F8A	A5882F05DFF91B760F3E192DA4C221664F93077092BBF4F3F154A950558FB142
C:\jar\carLambo\DPSFZBMQYgMSdqRKnSjeeHqvknUN.class	compiled Java class data, version 52.0 (Java 1.8)	25A7727CBAEE58907791AD4C375475B0	02821EF7A214C794A155E24D41244E28E371DCDE	3E4B7150E449D3FD3D798875E718162D628A079EB04A06C43F5003571DC09C03
C:\jar\carLambo\DZQmNBgOWWDUGcQCKUlPSbuRpohqT.class	compiled Java class data, version 52.0 (Java 1.8)	F3F714703823DD6CD1BBF6EE8C26F4E4	F4C6EAB310A13B5108FA3ED1B968FC0CCC28563E	3D582DE73B213C65829EF7AB4C0C5A35022561C0BD4935855E6629113FE85AEE
C:\jar\carLambo\ETIKYbEhuMLgDjIJSHDmGnlmeMsm.class	compiled Java class data, version 52.0 (Java 1.8)	C993C9A0057B12C92FFCC66CE893D24D	44F1AC052B127E4D6686C1B85E5AD4AC7A540383	2EB3622BCAA23D8F82F0C41A530E390D4006877569CC0D496F74C649C07022DF
C:\jar\carLambo\FirstRun.class	compiled Java class data, version 52.0 (Java 1.8)	0AEE0C9A17657BEDFF1AA72A972F919A	4D085652A8A86385FBDC967821352C11D7607B20	B9F133AABA353AE066A88DB4E96590B0476AD21082517B407723BB6474C67189
C:\jar\carLambo\GDI32.class	compiled Java class data, version 52.0 (Java 1.8)	3A5C3EB8DCAA9F6E6F590D8C93022175	9A0C41BCC127FD94F16257ED86B8FF9DA7B50941	2C662614F62F6643F5BB277ACA7D5A320910494FE909D0480D2C55E86BBD5C07
C:\jar\carLambo\GYDTPVEwzYqRTvxmvHtRLJG.class	compiled Java class data, version 52.0 (Java 1.8)	CC7E6480ED4B022F20694154B2529572	DD020897342C67E0525BF0D3D9BAFBFCE1148844	73B44B4C039F894A0CD1E7B62C60FB4001E6813FFABE4AEC8D5431EB8FB65B0A
C:\jar\carLambo\GeLuFwhdbiiEVoEeoUbtXxPX.class	compiled Java class data, version 52.0 (Java 1.8)	6276A7223044C7DFB01F247B06B99ECA	603A3BD207F7FA45FC14145AA673F78CACAE960A	0F963C9FF5015F805AFF6CB510711A5D2FD4737BA161EBF08ABBC99F967C8B17
C:\jar\carLambo\HBrowserNativeApis.class	compiled Java class data, version 52.0 (Java 1.8)	DE53C45EF1C763D42F69C48C072D49AC	53D1BCDADA3047C8C2E35032E17B411C3854A5AE	C2E5EB5EB758AE93BDAF240985773F1A9FB54B290CA3C53700454D0720464486
C:\jar\carLambo\HRvrZvbQXOxdQCpuCvMoA.class	compiled Java class data, version 52.0 (Java 1.8)	F87072AB9D6E400199D0EEDCFDDCD0AF	3BF4D151E2EDD2EBE72D9B24307389BBEDF49F29	FA77E43538637ED3025C94D75E6B92C7711B92C169852D847A21A0607D3834BC
C:\jar\carLambo\INziJWwhFRZYUTzXNlVz.class	compiled Java class data, version 52.0 (Java 1.8)	7A12A2C338CCA99D8D61057ADD1B95DC	495391FE279F0C3FBFBEEBF12F10839D8243077F	F9AF7C59C95B8264FDEFA78737C0652A768D4E076D201FFF2A3C43EEDF5BE9AD
C:\jar\carLambo\ISyzDWggemUZimyTYMwRRfQ.class	compiled Java class data, version 52.0 (Java 1.8)	4232BB01ED6F761EF18D1360F3331181	F7CAF441F309AD89A1B787F736380F0610F622F2	CBE99E10CE8BA786BF6E11A393F1786DBF4B8E1E2BF7E7FAF1B93313E5CC4880
C:\jar\carLambo\JMrXOwDACcclgsrbfAOpFrHXlamCDQ.class	compiled Java class data, version 52.0 (Java 1.8)	7F7957B5C353A805D2FA6DC0B7A18778	29CEDCC5D10D338292878F447A3179E04845B625	84F45DC097AD9E82B8EC15BCFB92012C81586DB79B858DA9762DCFAC624FAEA2
C:\jar\carLambo\Kernel32.class	compiled Java class data, version 52.0 (Java 1.8)	629406C3A190F005DB7C4910CB4B4985	EB09EA68C77AA2201AA28ABF9D559C601B6E2478	EDC583512463B1F42CA8D7F1702DE9CDC8505BF856BEDDFF2BBBF2EB2640632D
C:\jar\carLambo\LZFZUTettLTuEIERFOckFPlpH.class	compiled Java class data, version 52.0 (Java 1.8)	BE9D39C334B0009681FBFC4A2512E495	B5D4A968FEE2C676F5DD20E1CC60B8B553FE2933	84C294E0B35CC564EAD58DD077A12EAD0BCD3A0F584BC44E3413EF69BDB94AD6
C:\jar\carLambo\LbNkQuXbxAPhtiNOmAjuW.class	compiled Java class data, version 52.0 (Java 1.8)	A027DBF130695F3D0AFDF154359A33CC	0CFDDFBBF9EC43490BE88091F2D5BF0C69AEDB1E	164ED5D49B9900E96EFC01DB31A48D4C7F00C25B4EFFE8FEF1AC22C5EF4B163E
C:\jar\carLambo\MMpWpSYgqriSzVphTpNfhnTglQdmfQ.class	compiled Java class data, version 52.0 (Java 1.8)	B1666AA954F8D6D86D5E48F587C92E15	9FB8FC155332C4A475AA41F955EBDE12010E9186	AD08BA96288E69752F6487014AD05E7BF9518E92FF1B087C4E0933E604B65BB1
C:\jar\carLambo\OeziLNfIzXyeUUtuiOSPKlGvibRk.class	compiled Java class data, version 52.0 (Java 1.8)	596961025A3960FBDE01A503B7E17FB1	FB8C93756247198612A6BC906E327B50F057D318	97593741B627DE53F0AFB35FD1E9CF40C7212A2FC1DE13BACEA330CFF58DB102
C:\jar\carLambo\PWjvaMJuUYJDdBdFIQec.class	compiled Java class data, version 52.0 (Java 1.8)	6655492D2107A409D5F5FC25CC0BA27E	613FBF72F76DE4BACA8C304BDCBADEDA5DD74096	B86B5B24B3739EA5F16F574C4C37AD23E83698AD58219D2E92A47AF15BAD1AF4
C:\jar\carLambo\QsNkSlGCqFomtjHlHdgKKJlOETn.class	compiled Java class data, version 52.0 (Java 1.8)	0616D48F334A64092B2B8B3F731A64FD	263F2BD831C9834C50F496A2304D2F779C5BACF9	8633A2E9F0A76161BFB9EBFABD503450A061C2E4D1008B6387EE3EF1C7504FD6
C:\jar\carLambo\RGguaORgBxwLQFguOTfsyvWLb.class	compiled Java class data, version 52.0 (Java 1.8)	A0F599BF5B7B34EA839C35302CADE708	F4E38FDBFB4633AED9D950472B515F6F9BF90ADF	7C13E0515A3E74484FA032E1D2DEBDD0B13039B748DF1A05E45F68F7220DE783
C:\jar\carLambo\RestoreWindow.class	compiled Java class data, version 52.0 (Java 1.8)	B8ADD848609F10EE28E961C11F721FDE	F0C12B5AE915181847CFBFBAC524228F3DC5631E	BF2369EB64AFA4D0A1973D76F608AB5B6498F86131297AAC615B5771F72C585F
C:\jar\carLambo\SjomlJrGISDYNqiAAulMONOv.class	compiled Java class data, version 52.0 (Java 1.8)	87CD6EE81D513F43AB8DC52EAE1181F4	90AF51C60729F29EC295A776F81AC82729933E51	EC9E3DC65978F375EC7DFACEF3E86AF504BC07E82B5FB9E370F75F684CBEFEBF
C:\jar\carLambo\TQaTMIBufeXwulTTDuvpxBTBfNW.class	compiled Java class data, version 52.0 (Java 1.8)	2CB7EC37D42AF36D1D8C4F0007F6CF93	3D7BCB35B26E971798DD46A653DD3247993296C3	94E5E63367D0187C20C6AA9F19F1FB1FA48BF11FAD9E74E779C470B6690192B4
C:\jar\carLambo\TgBoQLFFtKbHGgBZrVBiDrm.class	compiled Java class data, version 52.0 (Java 1.8)	BC1336A2A8F98BCB0D599C8026363E1E	780C34F33FFE9BFA75EA7F8489DB561A6B5926C1	112387821BA39051BED56EC710732D2021C551ADFF61FC6CF6F820F0A47520AF
C:\jar\carLambo\User32.class	compiled Java class data, version 52.0 (Java 1.8)	CDB50558D382E6554721DDD443BC7744	55E88F2195A0C808E3330DE4DBE5DFBAC091201F	7DEF5E0649A951A502C01BC34A444DAD98805C0EF2C06E82FC3554742A16532E
C:\jar\carLambo\VRdaqkGKmButMUdsZLfSOLnpgVk.class	compiled Java class data, version 52.0 (Java 1.8)	5445BD2AABDD4F1C9522D025E98E5AF5	34ED09E5FE0725234E68FFB2E5C3B0B65592A90C	B0A518623F8A322E45BD9B963E548ECADFA8AFFAA5E7B36F1DF45EC798C4CF55
C:\jar\carLambo\WinGDI.class	compiled Java class data, version 52.0 (Java 1.8)	AD45C3E50AB8656ECAFF9C840AF8281F	9BAA18E4659B690F7EE49496AC318E4C7EA78308	EC32BCF18F93DD9F4E4D77BB1FBD36C7DF08052E352C2C06DC4B622BCBCCE747
C:\jar\carLambo\WzOHQjRyKNNQtPOMcLqvxzsvisZhr.class	compiled Java class data, version 52.0 (Java 1.8)	926713709777A7C3B985BDE381CEAB3D	1E312BEFE15B55306535AA63774275F79E59F62A	8B1EA82CED893E695B7CBB2741B6E7C1E3BF48050EBC072A489DBEEA2FCB0F45
C:\jar\carLambo\XfrcwHiEekkBljrjyatNOjRICOGWh.class	compiled Java class data, version 52.0 (Java 1.8)	D843AAEB00849A9556FAC7404B01A8AF	905667A62C3F05F3771778121533D0EBC5D8EC42	4BE83ACD2250355EA94FDD6B26B32099B1A423C5B88EA649E9A5808540C44B84
C:\jar\carLambo\YEJPIdRNPZsBIbCpFLfaCVN.class	compiled Java class data, version 52.0 (Java 1.8)	B5CCE3EC2BCF15D622F94F91AADCAF7C	B2C2035C95FF4D57175C97792AE89E2B50A6D7AE	1996CB092151F69B1704EBAA312951B29D053EBCDEBDF74E2C8F76661E42F6B2
C:\jar\carLambo\YlqtqHSDDFgBzCqfJBUfI.class	compiled Java class data, version 52.0 (Java 1.8)	484D58ABEE51CD22C22D933C546FF083	5901BAE0B352842839D7E4DD1E0B3B9D2DD944CC	87FCF75150D6A990DB61CDF7C428F9DA5F1940131FED4E67EC92FA8302181C6F
C:\jar\carLambo\a.class	compiled Java class data, version 52.0 (Java 1.8)	335DF3DC9FC24209223A3FC49B0F8B4A	08DDECFF6340E24A390758830BF7D4EC81EAADD4	ACDB39711E52C236C5EF0F66DA40943F2D02DD4AA9D43E9A424326D70CF5E695
C:\jar\carLambo\akllnBiTjwPmAwfMbajsTFm.class	compiled Java class data, version 52.0 (Java 1.8)	C476698F30A29ACE57135CBA26FB39BA	A6026877167A50845A5ADB16549A36A9C9BDDEF5	B994E1F015FD9E0E065C8B598572B06F88307DB637FD49369273900A9018CA2A
C:\jar\carLambo\b.class	compiled Java class data, version 52.0 (Java 1.8)	B52C63A67C2B563C15BD10DA3FE29626	CAAD527B427C3465A4F8360EDAD23E9CA8B0F723	0AD9C7F0183D84D6FC5FDBE1263F0356EA9EE6E4AFD1579CDDDE83105006BBB2
C:\jar\carLambo\bQOGTazZDTmWsQIjxomKkpLaxswAl.class	compiled Java class data, version 52.0 (Java 1.8)	1E784B2DDE77676EEC6FC32FE209BCEF	ED1732352C4DA74145CFB9E04ADA0F5390CFB918	9B80C5D5A72E8FBF830BC5B360FCACDF28A1DE8F408A7C1483F9BCA0B912F041
C:\jar\carLambo\cUFMRzrqZzmkSJziceHSMVGQ.class	compiled Java class data, version 52.0 (Java 1.8)	8AEC05B33A13303D523D304F00DBA48F	F29EFD66C64B3D80C63A2D09FC29C85D16EF6186	D944C2313531DCA7631D1431E7510DEF4048D6F6A8A88DA17B2624CA01986DF7
C:\jar\carLambo\eQJCBbLIHBNfWZJLmUQdjvxUQzC.class	compiled Java class data, version 52.0 (Java 1.8)	07C4B9666E9BECE18CCEB735EF10697A	638C68E1632F8E786531C921EC3247B7D36D6B24	A2A2088C96D3097F40DA81177AF2DD1F959101FEF05DF3D41E67E379DFFA655B
C:\jar\carLambo\fnSeRWCjpCYtFrMVMUvfGdMUp.class	compiled Java class data, version 52.0 (Java 1.8)	4EFF7D645E765F9CA708FBA6757020C3	FBFAE6A7521D4A2B1DC5B54B8A2ABAC5274789E2	8B621560710DB346C98CC57A848B7C4A4E4EA41B8D217D9D6485E1B9E9A8159E
C:\jar\carLambo\gQEuyVcYntwPXTysEtfquh.class	compiled Java class data, version 52.0 (Java 1.8)	FAC42C29E155E1B389119EB06EEDAEF8	98B611345F70C2FB020513DD7F6080AF0F49A528	7458015FC6760A82F716D3F7BE2D7F7767E2DE794E7462B03577D3D8856B4F48
C:\jar\carLambo\gcLmiwpDoXkEofFgIgnkAFbECjBM.class	compiled Java class data, version 52.0 (Java 1.8)	A95739E5E9BE30BAD71B240E1C82891F	E59D1C237E343D52F1CAF222299DE3571AD87C7D	18BA14777BF084A5EE67F4B7AF833A2366E4D7DCAA251713C96651C785EA1058
C:\jar\carLambo\ghKDbwZCNsgFCyEcTHODu.class	compiled Java class data, version 52.0 (Java 1.8)	48682699090E32C183D70891E84F0FDC	AA23556FD74A1324E571BB286C93D4CFE6E39D27	00CC01F556AE041546740F22672182D559D8D1A4B04372E67E7EC45868BE2904
C:\jar\carLambo\gjWVByXBXFzoJIWyWKFqdDDX.class	compiled Java class data, version 52.0 (Java 1.8)	090729C4BD64CC0AFC1D74A60F1CA36F	9DE5E08C20B2393F920B664B2F74950F792725C4	4FA50508997EB6ACBCA26C49C382163F49F046080016B81D33E288768B6E1FE7
C:\jar\carLambo\hSQNXYaWyFQzecPOHvVddvqXyqC.class	compiled Java class data, version 52.0 (Java 1.8)	E01DC22C7A67D442AD9259AB660F3A52	14E6710A58122A455D236ECDF5796BE1BA5A4CC0	216EB9019601B83042640ABE2B2F8CC6899FCCA3C60216592F2810EF158AAFDB
C:\jar\carLambo\iWGSWxRnUlPNEVGNllqlF.class	compiled Java class data, version 52.0 (Java 1.8)	4CF8C304A115C5507A9B0B3B4E92523D	E6E76863825C3A0ACEA1F2492D15F4AF052C2A06	088813568A00014FD0A9651842BD5629E0B77BC6FAFF06E2D6E2317B9A605C04
C:\jar\carLambo\iytiDwrcScnkWxsldKZwufPjSLiFk.class	compiled Java class data, version 52.0 (Java 1.8)	55239751E43F849EA8BF05FFC03B963F	E3058AE0E63561A03149002602AE969434A087CE	E78AA7F38A8720EB99D8A529A0C63809D9F5FBBE4323ADD402D21768D8CFC7C4
C:\jar\carLambo\lUtzYRoVxoBKRpnyWYynzJxpJ.class	compiled Java class data, version 52.0 (Java 1.8)	E4998F00064F1CAA3425FE0CED3EDF73	1DDA65487E72427F3D7FD930E097C889250A21BE	4D4BE6ABED1F8B032BE853BB379475CED451F8A1C2612874D23B6865CE8FCFC6
C:\jar\carLambo\lXFRxTmUHAVtXyFTZbpbiXx.class	compiled Java class data, version 52.0 (Java 1.8)	688C0B9E0E86508E0E4D2419D7FB010E	C6C9A27CCE94B2F11B5D92117175307BFD35FF68	F9D63AF93D7DAE4A2EDA2BD6FEBDCE384E8C0820B2D2EB9AC2A153F2B2324206
C:\jar\carLambo\mHewsQjItURiLCXNkzji.class	compiled Java class data, version 52.0 (Java 1.8)	7C064E0604033C54B60BB36751A4F815	441326BF5DE070A678526F1FA2CAC59EE727876F	9C4C46067FF01C19019981A8F2C268D46622B9FB3B934D2C06B14C36F629BAD8
C:\jar\carLambo\nPpeMSRGcCgSgfpfzdBoEfHy.class	compiled Java class data, version 52.0 (Java 1.8)	3953348AC83DAEF9490DDA4344020076	0E33CE888DA1231E8820F0042F98377F38998196	743B7A248C9572322742DB6CD99BA67066306B9A1A8CE4B423F51C0A6D577550
C:\jar\carLambo\niHBeoQPoWsSpEBovnMizhbIfpQUU.class	compiled Java class data, version 52.0 (Java 1.8)	FBD00923D65394922C4E189A4D23D6C6	8D8FA2BBF47B24EFB55E504B8FE6E25ACE44EBDE	5AFDFF4A9129C84A7AA09616BCC0F8CF09D265A26833E4EA8C45FBCC27DD0640
C:\jar\carLambo\nnHRYoAONroTDXAkGOnAtRE.class	compiled Java class data, version 52.0 (Java 1.8)	B49D49728DBAE4901BB5B8BB81014C28	31BF7D0A02708E557E01D429217D12CB7615C58F	BAB5692C03D65905D43785B4FABFDD39F46A93825C02914D8AB363BFC5D9CC89
C:\jar\carLambo\nnHRYoAONroTDXAkGOnAtREs.class	compiled Java class data, version 52.0 (Java 1.8)	A7610A543F361780AB282AE8DAFF38BF	416D6F8BC9EF6926A3DC1F57938F45FE20DF4EEC	4F2FF7B535333C62AFFFB3D656ABD6225C247AFE01AFF6D7B786A73F965EF4A6
C:\jar\carLambo\oarPtnuBJYDryklAVpYvVplj.class	compiled Java class data, version 52.0 (Java 1.8)	59FFCC9CD906BFBEBD1F0DCC5648E96F	5E012AE14E926FC4FF9F31FAA8179CCAF14DC87D	7C0CE7FF9266E6039D13003C0E743D03716666D2F4B54346C8777C3BD00BC5C2
C:\jar\carLambo\pOkXJMhVItPChYeMRCPBQRAUzLx.class	compiled Java class data, version 52.0 (Java 1.8)	4C47D6B8B9B9251F57686B0288509A82	207CCB258ED2ED73CA81A63E5FA9DC34CCD69D0A	52B7BE8E98604F03EFC820E7EC77FF16011568F986C45371022862AFF4CA0F46
C:\jar\carLambo\pXEQYpIAvPbarbDZMRoR.class	compiled Java class data, version 52.0 (Java 1.8)	A75CA155222D6842941EA36F3D7204A3	78700C9DCC3891739815FD1F8BB33D0C69A90158	262F9E27965D45FDD1EDA1FF53C104945C5600CEA4DD83C96D508E7FA74499FC
C:\jar\carLambo\pjLIIQVgvuPOInKOREwLQrvvgxeCAr.class	compiled Java class data, version 52.0 (Java 1.8)	8C607C3CAA15C88543DB425FE44BDE81	FD6774C03ED934612D6EF3B1514D3C503249FF04	3DD16BEAC17A5E424C5B69044E411DC02EE8734A02F1115B67E6B455374E8742
C:\jar\carLambo\qQnenommQRmzAInlnTAeg.class	compiled Java class data, version 52.0 (Java 1.8)	B090088EAB134039A96C6073B52654B7	028929F36DC8A71FFB2995ACF36004B09A6CBD42	D2BE43B8D7B7EF1884B6B2778CB0C8226B138EBFC0BBD9E4A966EE1170180793
C:\jar\carLambo\qvNsplybcQmnatGjnQTThBZ.class	compiled Java class data, version 52.0 (Java 1.8)	7B5452BF6258BE8D66C9A0DB5B55D64B	2B4088F7104D1853777A266CE5CB2252537E4E0D	47D1007C91E0BE64C2B77ABDA069B3372CB23F04E16D9CAECD44B3BAB8E25AC3
C:\jar\carLambo\rCYbIngZMxCXvVYABulZ.class	compiled Java class data, version 52.0 (Java 1.8)	EC45BD87F8DA13CD0D8329BDA04FA591	71EE4CBFA4071A4EAA7A12568F476AB25AA00000	A791B9B5C5E0779C0999CCF89DD5BB7D37EC5975B8C98F875304D1C6A7288D8A
C:\jar\carLambo\rEgmEOZGPmyKjwgxifrjbDi.class	compiled Java class data, version 52.0 (Java 1.8)	2472140BE900D15A86B7F0C55AB4CCC0	9C164354ACB06CFECD1EE853D8500FFEBEB55AF9	ADA6D904B533CD7E26A7C912ADE7EC75B1226F63ED4D6E64D283F2025131C57F
C:\jar\carLambo\rOfTrNtEMcqMLhfoFhtTPXmOS.class	compiled Java class data, version 52.0 (Java 1.8)	62E9332668273D9C6C33E95D3CC130AA	5987EE0A7045BF3257793D7374D42424ACF6E61D	27635BD38B6E8FDC68DFB38E2624FDFD25462D75CFC555683D2A793CA16416AB
C:\jar\carLambo\resources\config.txt	ASCII text, with no line terminators	6DECD93E4BB003A96D152A867D904E97	24E872B663DF301296C4CDFB8BF42A616C27F913	241AB6883F7CCE8A6B932F63239EB705F70EF00B6B833988FB13C2C6702D2B35
C:\jar\carLambo\tXuEElkzfqlTWetjTVgwULpwLk.class	compiled Java class data, version 52.0 (Java 1.8)	D0EA461CD89FBC991117F598EA004A2F	BF492721B48BDF6460B2771ED72A5509534BE1C2	8E8714BDADB543634771F2A6B65EA75F839C9A7AD2180C51C753E2F276DD046D
C:\jar\carLambo\tjBwnLxfgUZInqAXXJorajaLymNWI.class	compiled Java class data, version 52.0 (Java 1.8)	B3717A0966B55C963D58164A4552BD5A	10D338785121EFAAA38F393A3DBD09CE7C192F8E	6DE383416A0AB410354A9AF95E4628C74910FDB43916D66071F99DA8E61DB25B
C:\jar\carLambo\toANhLheFpVIBJATjkPJUTCvbMu.class	compiled Java class data, version 52.0 (Java 1.8)	BB44519675953DDC6257E8286E37D132	E6B07D6A754C2062BD57C9D0883A029DDEC1C519	1A3C0CA55754B9FD70CD2590F421A1D4FD2BD02F7A0D4C9E19F6F58F41E66389
C:\jar\carLambo\uBLIKHEHpAoUHpElmhtbDhNa.class	compiled Java class data, version 52.0 (Java 1.8)	E5D40DF25C00E2411F3AA3F4B20D866A	333744DFEFF8612687722489B894C669A9190E22	CECACE8FD41A73BD3F33601324C7E2747B8A2F23643A458B5E6848777D68F216
C:\jar\carLambo\vDWajJBFzMIEOyWGpkkOlvNI.class	compiled Java class data, version 52.0 (Java 1.8)	F3E135F1910FE1660A03C1590D17E15D	62B14CE3A6C6DF3AD2794AEEBD950D5FE68AC3C4	ABD7011E11296DD0882ED642750D43A05CC6306D3800C4CB3660B741972880E8
C:\jar\carLambo\vGKYEHoGOVkVVIDgxIUt.class	compiled Java class data, version 52.0 (Java 1.8)	B1FAC1B632BE3E543FB935B9BBCDB476	58CDBCE2757C3D8686BBCD127AC905AA87ADF0B9	10F3EB1AA0D853FF0B55F39E8A76482C7E01D796DEE12F37D863F1E1FDCED250
C:\jar\carLambo\wvGnyIgrUOTdXfGRPmvbIDXjmea.class	compiled Java class data, version 52.0 (Java 1.8)	964A549172E4957D1DA19F2EE668E316	9C315B92A8F92E64F1E4BE3E6ADD58955DCFEC73	F68D1CEA87F54CF89EBB4B23CA598750F3FAD5F94A6E145987091EB00C6436DE
C:\jar\carLambo\xjzwOiTLTjfoGTzdLznhC.class	compiled Java class data, version 52.0 (Java 1.8)	C8AF181A23986A8149181D97F6B417B5	8C975DD86A6EDD44379360720CCCC268DFFE0B27	80861756465C9CC63A0246744A11BB746F3EAF91AFEFADC1087AF401D7645BE1

Windows Analysis Report
MVO4879773357878.jar

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Windows Analysis Report MVO4879773357878.jar

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
MVO4879773357878.jar