Managed XDR

araba.jar: dynamic analysis report for a malicious file

File information

File name
araba.jar
File type
Zip archive data, at least v2.0 to extract
File size
639.6 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
57ee9bb712e607b174dcedcd89ea8bff2b4892c1
SHA256
5946c7066ee3bdc0ac048bdca2dd2ca5cc685184201af63a565e36b6dfe73c44
MD5
57a9a5e8c8c24cb776a684ba0187f713

Signatures

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1564.001 stealth_file: Creates hidden or system files
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
dead_host: Connects to IP addresses that do not respond to requests
creates_in_programdata: Creates files in the ProgramData directory