Malware Analysis - Dumping COVID-19.jar RAT With Java Instrumentation


We dynamically unpack a Java remote access trojan that jumps on the COVID-19 bandwagon to trick users into running it.

The dumping method is useful for other packed JAR malware as well. It uses Java instrumentation, more specifically a Java Agent.
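
As an added example (not the code from the referenced article or repository), here is a minimal class-dumping Java agent of the kind this technique relies on: a `ClassFileTransformer` is registered from `premain`, so every class the sample defines, including ones its own unpacking loader decrypts and passes to `defineClass()`, is written to disk as plaintext bytecode. The class name `DumpAgent`, the output-directory argument and the manifest entry are my own choices.

```java
import java.io.IOException;
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.ProtectionDomain;

// Minimal class-dumping agent (added example; names are assumptions, not the article's code).
// Build:  javac DumpAgent.java
//         printf 'Premain-Class: DumpAgent\n' > MANIFEST.MF
//         jar cfm DumpAgent.jar MANIFEST.MF DumpAgent.class
// Run inside an isolated analysis VM, because the sample does execute:
//         java -javaagent:DumpAgent.jar=dumped -jar <sample>.jar
public class DumpAgent {

    // Called by the JVM before the target's main(); the agent argument is the output directory.
    public static void premain(String agentArgs, Instrumentation inst) {
        String dir = (agentArgs == null || agentArgs.isEmpty()) ? "dumped" : agentArgs;
        Path outDir = Paths.get(dir).toAbsolutePath().normalize();
        inst.addTransformer(new ClassFileTransformer() {
            @Override
            public byte[] transform(ClassLoader loader, String className, Class<?> redefined,
                                    ProtectionDomain domain, byte[] classfileBuffer) {
                // Hidden/lambda classes may have no name; JDK classes are not interesting here.
                if (className == null || className.startsWith("java/") || className.startsWith("javax/")
                        || className.startsWith("jdk/") || className.startsWith("sun/")) {
                    return null;
                }
                // A packed JAR decrypts its real payload and hands it to defineClass();
                // the transformer sees exactly those plaintext bytes, so write them out.
                try {
                    Path target = outDir.resolve(className + ".class").normalize();
                    if (!target.startsWith(outDir)) {
                        return null; // refuse a class name that would escape the output directory
                    }
                    Files.createDirectories(target.getParent());
                    Files.write(target, classfileBuffer);
                    // The loader is logged because a custom loader marks the unpacking stage.
                    System.err.println("[DumpAgent] " + loader + " -> " + target);
                } catch (IOException e) {
                    System.err.println("[DumpAgent] could not write " + className + ": " + e);
                }
                return null; // null = leave the class bytes unchanged
            }
        });
    }
}
```

Classes defined after `premain` returns are still routed through the transformer, which is why the dumped directory ends up holding the unpacked payload rather than only the loader stub.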

Referenced blog article: https://www.securityinbits.com/malwar...
Source code: https://github.com/Securityinbits/blo...
Sample download (password: "infected"): https://www.dropbox.com/s/d8tbhasrexi...

Sample on VT: https://www.virustotal.com/gui/file/6...

Reviewed by Anonymous on April 25, 2020