2016-02-02 Malicious Jar Attachment
IoC from this investigation:
============================
myson123456[.]ddns[.]net
178.32.72.136:2550

Here is another example of an email that most users get, claiming that they (the user) have something that they need to take action on. In this case it is a malicious Java file. Thankfully, most email gateways block these types of files from ever reaching the user base. Let's dig in.

The Java file has the following characteristics:

File Name: payment..jar
Size: 118KB
MD5: f4b463e4df4ef274a198bfb07ed3e6cd
SHA256: f4c93ab532e53274bd97c00fccba3b231de0832e743879380f7af7bf81aef60f
Virustotal Link: http://www.virustotal.com/en/file/f4c93ab532e53274bd97c00fccba3b231de0832e743879380f7af7bf81aef60f/analysis/
Detection Ratio: 25 / 54
First Submitted: 2016-02-07 21:28:02 UTC
Malwr link: http://malwr.com/analysis/Y2FmYjEwNGM0MjM5NDBmYWI3YTdjYjJkOTRjY2M5OWY/

Since this is a Java file, I usually like to…