Heavily Obfuscated JAR Drops Adwind RAT | Network
VTI SCORE: 91/100
Dynamic Analysis Report
Classification: Hacktool, Trojan

fd86a9b0f3bcd1dc2b061bb7a77b3871cb6d101505218f763221ee9945e69bf3 (SHA256)

Bissell New PO.qrypted.jar

Java Archive

Created at 2018-07-19 09:49:00

Notifications (2/2)

Due to a WHOIS service error, no query could be made to get WHOIS data of any contacted domain.

The operating system was rebooted during the analysis.

Network Overview

Hosts (2)

Hostname   IP Address                                             Location  Protocols  Reputation   Status       WHOIS Data
zgw5tdpu   fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60   -         -          Unknown      Not Queried  -
-          185.227.83.34                                          -         TCP        Not Queried  Not Queried  -

Note: zgw5tdpu is the analysis guest's own hostname (the Get Hostname calls in the DNS section return ZgW5tdPu). It resolves only to the guest's link-local IPv6 address and to 192.168.0.60, which is the local address of every TCP session below, so it is not an indicator of compromise. 185.227.83.34 is the only external host contacted. Its reputation and WHOIS fields read "Not Queried" because of the WHOIS service error reported in the notifications; that absence is an analysis gap, not evidence about the host.
DNS Queries (1)

Hostname   Categories  Names  Source        Reputation Status
zgw5tdpu   -           -      Function Log  Unknown

Connections

DNS (18)

Operation      Additional Information                                                              Success  Count  Logfile
Get Hostname   name_out = ZgW5tdPu                                                                 True     2      Fn
Get Hostname   name_out = ZgW5tdPu                                                                 True     2      Fn
Get Hostname   name_out = ZgW5tdPu                                                                 True     2      Fn
Get Hostname   name_out = ZgW5tdPu                                                                 True     2      Fn
Get Hostname   name_out = ZgW5tdPu                                                                 True     2      Fn
Get Hostname   name_out = ZgW5tdPu                                                                 True     2      Fn
Resolve Name   host = ZgW5tdPu, address_out = fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60   True     1      Fn
Resolve Name   host = ZgW5tdPu, address_out = fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60   True     1      Fn
Resolve Name   host = ZgW5tdPu, address_out = fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60   True     1      Fn
Resolve Name   host = ZgW5tdPu, address_out = fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60   True     1      Fn
Resolve Name   host = ZgW5tdPu, address_out = fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60   True     1      Fn
Resolve Name   host = ZgW5tdPu, address_out = fe80:0000:0000:0000:5969:84a4:f9e2:1f2b, 192.168.0.60   True     1      Fn

Note: these entries come from the function log (API calls that query and resolve the guest's own hostname), not from the PCAP. The sample resolves no external domain name during the analysis; the only network traffic is the TCP traffic to 185.227.83.34 listed below, so the command-and-control address is contacted by IP rather than by a DNS name.
TCP Sessions (9)

Information            Value
Total Data Sent        1.71 KB
Total Data Received    0.00 KB
Contacted Host Count   1
Contacted Hosts        185.227.83.34

All nine sessions come from the PCAP, originate from 192.168.0.60 and target 185.227.83.34 on TCP port 4357. Each session sends 0.19 KB and receives nothing. A session consists of three transmissions of 0.06 KB at roughly +0 s, +3 s and +9 s, each with highest layer TCP and marked Success = False.

Session  Stream ID  Local Port  Data Sent  Data Received  Transmission times (s)
#1       0          49161       0.19 KB    0.00 KB        53.988869, 57.000682, 63.006672
#2       3          49159       0.19 KB    0.00 KB        113.769209, 116.814715, 122.914318
#3       4          49168       0.19 KB    0.00 KB        137.129288, 140.136903, 146.143253
#4       5          49176       0.19 KB    0.00 KB        160.338471, 163.349698, 169.360447
#5       6          49185       0.19 KB    0.00 KB        183.475345, 186.484445, 192.497791
#6       7          49193       0.19 KB    0.00 KB        206.651156, 209.654961, 215.656872
#7       8          49202       0.19 KB    0.00 KB        229.809941, 232.816502, 238.835566
#8       9          49210       0.19 KB    0.00 KB        252.984386, 255.998179, 262.004120
#9       10         49219       0.19 KB    0.00 KB        276.109208, 279.119068, 285.126328

Note: from session #2 onward a new session is opened every 23.1 to 23.4 s (the gap between sessions #1 and #2 is about 60 s). A fixed-size payload sent on a fixed schedule to a single IP and port, with nothing ever received, is consistent with a client repeatedly attempting to check in to a command-and-control endpoint that did not answer during the analysis. The useful network indicator from this report is therefore the destination 185.227.83.34:4357 together with the check-in period, not any domain name.
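The schedule in the session table above is the kind of pattern a detection engineer wants to test for automatically rather than by eye. The following is an added example (Python, not VMRay code or output) that replays the nine session records transcribed from this report and flags the destination as a beacon. The grouping, the median-based period estimate, the thresholds and the output fields are the example's own assumptions.

```python
"""Beacon detection over the TCP session records listed above.

Added example, not VMRay output or tooling. The session table is transcribed
from this report; the grouping, the robust period estimate and the thresholds
are this example's own assumptions.
"""
from collections import defaultdict
from statistics import median

# Transcribed from the TCP Sessions table: one tuple per session with
# (stream_id, local_port, remote_ip, remote_port, time of first transmission
# in seconds, KB sent, KB received). Each session made three transmissions;
# only the first one is used to estimate the check-in period.
SESSIONS = [
    (0,  49161, "185.227.83.34", 4357,  53.988869, 0.19, 0.0),
    (3,  49159, "185.227.83.34", 4357, 113.769209, 0.19, 0.0),
    (4,  49168, "185.227.83.34", 4357, 137.129288, 0.19, 0.0),
    (5,  49176, "185.227.83.34", 4357, 160.338471, 0.19, 0.0),
    (6,  49185, "185.227.83.34", 4357, 183.475345, 0.19, 0.0),
    (7,  49193, "185.227.83.34", 4357, 206.651156, 0.19, 0.0),
    (8,  49202, "185.227.83.34", 4357, 229.809941, 0.19, 0.0),
    (9,  49210, "185.227.83.34", 4357, 252.984386, 0.19, 0.0),
    (10, 49219, "185.227.83.34", 4357, 276.109208, 0.19, 0.0),
]


def group_by_destination(sessions):
    """Bucket sessions by (remote_ip, remote_port); local ports are ephemeral."""
    groups = defaultdict(list)
    for _sid, _lport, rip, rport, t0, sent, recv in sessions:
        groups[(rip, rport)].append((t0, sent, recv))
    return groups


def beacon_profile(times, min_sessions=4, tolerance=0.2, min_fraction=0.75):
    """Estimate the check-in period from the gaps between session starts.

    The period is the median gap, and the schedule counts as regular when at
    least min_fraction of the gaps lie within +/- tolerance of that median.
    A robust statistic is used deliberately: the single 60 s gap before
    session #2 in this report would push a mean/standard-deviation test past
    any sensible jitter threshold and hide an otherwise steady 23 s beacon.
    Returns (is_periodic, median_gap, regular_fraction); the last two are
    None when there are too few sessions to judge.
    """
    if len(times) < min_sessions:
        return False, None, None
    starts = sorted(times)
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    period = median(gaps)
    regular = sum(1 for g in gaps if abs(g - period) <= tolerance * period)
    fraction = regular / len(gaps)
    return fraction >= min_fraction, period, fraction


def find_beacons(sessions):
    """Flag destinations contacted on a regular schedule.

    'one_way' is True when the destination never sent anything back, which in
    this report means the remote end did not answer any of the check-ins.
    """
    findings = []
    for (rip, rport), recs in group_by_destination(sessions).items():
        periodic, period, fraction = beacon_profile([t for t, _, _ in recs])
        if not periodic:
            continue
        received = sum(r for _, _, r in recs)
        findings.append({
            "remote": f"{rip}:{rport}",
            "sessions": len(recs),
            "period_s": round(period, 2),
            "regular_fraction": fraction,
            "kb_sent": round(sum(s for _, s, _ in recs), 2),
            "kb_received": received,
            "one_way": received == 0.0,
        })
    return findings


if __name__ == "__main__":
    for finding in find_beacons(SESSIONS):
        print(finding)
```

Run on the transcribed records, the detector reports one beaconing destination, 185.227.83.34:4357, with a median period of about 23.2 s, 7 of 8 gaps within 20 % of that period, 1.71 KB sent in total and nothing received. Feeding it flow records from a NetFlow or Zeek conn log instead of a sandbox table is a matter of changing the tuple layout in group_by_destination.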