@Securityinbits
Last active August 17, 2020 14:13
Quick analysis of Glueball malware hash
More details:
https://twitter.com/Securityinbits/status/1295362979358052353
This hash is from "GlueBall: The story of CVE-2020–1464 post by @TalBeerySec"
https://www.virustotal.com/gui/file/dd71284ac6be9758a5046740168164ae76f743579e24929e0a840afd6f2d0d8e/details
old_august_2018.msi (1b165119c86173b6c2b099ac0cf99107)
  contains:
    only_msi.msi (c972920f2eb2322e7968a9bcee625ff8) --> non-malicious signed file
    extracted_MZ.dll (7740a80baf3f88101d26c20047b63972) --> non-malicious file
    extracted_java_malware.jar (9fd34c473d666c3411ee3f7b7564918b) --> Jacksbot/Jrat
Dropped file from extracted_java_malware.jar:
    dropped.jar (3110932a8eca0b1d6a2438344ad20d6e) --> Jacksbot/Jrat
C2 for Jacksbot/Jrat:
    104.47.220.216:25050
extracted_java_malware.jar - Jacksbot/Jrat config in memory:
0xe5be69f8 (62): addresses=104.247.220.216:5050,
0xe5be6ab0 (80): os=win mac linux freebsd openbsd solaris
0xe5be6b2e (90): pass=9d4e1e23bd5b727046a9e3b4b7db57bd8d6ee684
0xe5be6bcc (22): mutex=false
0xe5be6c30 (26): debugmsg=true
0xe5be6c94 (22): error=false
0xe5be6cf8 (24): timeout=true
0xe5be6d56 (16): ti=false
0xe5be6d96 (20): toms=15000
0xe5be6dda (16): vm=false
0xe5be6e1e (18): name=Java
0xe5be6eac (22): reconsec=10
0xe5be6f10 (20): mport=1334
0xe5be6f52 (22): perms=10000
0xe5be6fb0 (14): id=SASU
0xe5be6ff0 (16): per=true
0xe5be7178 (18): addresses
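The sample above carries a JAR glued after a signed MSI (the GlueBall / CVE-2020-1464 distribution trick described in the references): a ZIP is parsed from the End Of Central Directory record at the end of the file, so the appended archive is a valid JAR for Java while the Authenticode signature still validates on the MSI part. The following triage check is an added example, not code from the gist; the OLE header stub and the tiny JAR inside build_sample() are constructed, not the real hashes listed here.

```python
"""Flag an MSI (OLE compound file) that has a ZIP/JAR archive appended to it."""
import io
import struct
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # MSI files are OLE compound documents
EOCD_SIG = b"PK\x05\x06"                            # ZIP End Of Central Directory record
CD_SIG = b"PK\x01\x02"                              # ZIP central directory file header


def find_appended_zip(data: bytes):
    """Return (zip_start, names) if an OLE/MSI file has a trailing ZIP, else None."""
    if not data.startswith(OLE_MAGIC):
        return None
    # EOCD is 22 bytes plus an optional comment of at most 65535 bytes at the very end.
    eocd = data.rfind(EOCD_SIG, max(0, len(data) - 65557))
    if eocd < 0:
        return None
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
    cd_pos = eocd - cd_size          # where the central directory actually sits
    zip_start = cd_pos - cd_offset   # offsets inside the ZIP are relative to its own start
    if zip_start <= 0 or data[cd_pos:cd_pos + 4] != CD_SIG:
        return None                  # no plausible archive glued after the MSI
    with zipfile.ZipFile(io.BytesIO(data[zip_start:])) as zf:
        names = zf.namelist()
    return zip_start, names


def is_jar(names) -> bool:
    """A manifest or .class entries mark the appended archive as a Java payload."""
    return "META-INF/MANIFEST.MF" in names or any(n.endswith(".class") for n in names)


def build_sample() -> bytes:
    """Constructed test input: a 512-byte OLE header stub followed by a tiny JAR."""
    ole_stub = OLE_MAGIC + b"\x00" * 504   # placeholder, not a real MSI body
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Main.class", b"\xca\xfe\xba\xbe")
    return ole_stub + buf.getvalue()


if __name__ == "__main__":
    hit = find_appended_zip(build_sample())
    print("appended ZIP at offset", hit[0], "JAR:", is_jar(hit[1]), hit[1])
```

On a real sample, run find_appended_zip over the signed MSI bytes; a non-None result with is_jar() true is the condition seen in old_august_2018.msi above.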
References:
https://twitter.com/Securityinbits/status/1271406138588708866
https://www.securityinbits.com/malware-analysis/interesting-tactic-by-ratty-adwind-distribution-of-jar-appended-to-signed-msi/
https://medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd
https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years/