penis.jar — malware analysis report

File info

Filename: penis.jar
File type: Zip archive data, at least v2.0 to extract
File size: 639.6 KB
First seen:
Last seen:

Environment

win7/x86 en

Hashes

SHA1: def7fca024c9f47c0ecab1d02ae5a460c07a6bcf
SHA256: 47b6119f86d8004e0c77e9a60668bc7d0247c4cd076db631376073053eecb691
MD5: f71487892efb9582996c410534182231

Signatures

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1564.001 stealth_file: Creates hidden or system files
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
dead_host: Connects to IP addresses that do not respond to requests
creates_in_programdata: Creates files in the ProgramData directory
suspicious_network_port: Performs TCP or UDP request to non-standard port