Malware Analysis - Dumping COVID-19.jar RAT With Java Instrumentation
We dynamically unpack a Java remote access trojan that jumps on the COVID-19 bandwagon to trick users into running it.
The dumping method is useful for other packed JAR malware as well. It uses Java instrumentation, more specifically a Java agent.
Referenced blog article: https://www.securityinbits.com/malwar...
Source code: https://github.com/Securityinbits/blo...
Sample download (password: "infected"): https://www.dropbox.com/s/d8tbhasrexi...
Sample on VT: https://www.virustotal.com/gui/file/6...
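
As an added illustration of the Java agent approach described above (not the code from the referenced repository or blog article): a minimal agent that writes each class's bytecode to disk at the moment the JVM defines it, which is after a packer's loader has decrypted it. The class name `DumpAgent`, the output directory and the skip list are assumptions; the agent jar's manifest must contain `Premain-Class: DumpAgent`, and because the sample actually executes, this belongs in an isolated analysis VM.

```java
import java.io.IOException;
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.ProtectionDomain;
import java.util.concurrent.atomic.AtomicInteger;

// Hypothetical agent class (added example). Package it in a jar whose manifest has "Premain-Class: DumpAgent".
// Run as: java -javaagent:dumpagent.jar=dump_dir -jar sample.jar
public class DumpAgent {
    // Runtime packages to skip (assumption: the sample's own classes live elsewhere).
    private static final String[] SKIP = {"java/", "javax/", "jdk/", "sun/", "com/sun/"};
    private static final AtomicInteger UNNAMED = new AtomicInteger();

    // The JVM calls premain() before the target's main(), so the hook is in place early.
    public static void premain(String args, Instrumentation inst) {
        String dir = (args == null || args.isEmpty()) ? "dumped_classes" : args;
        Path outDir = Paths.get(dir).toAbsolutePath().normalize();
        inst.addTransformer(new Dumper(outDir));
    }
    static boolean isRuntimeClass(String name) {
        for (String prefix : SKIP) if (name.startsWith(prefix)) return true;
        return false;
    }

    static final class Dumper implements ClassFileTransformer {
        private final Path outDir;
        Dumper(Path outDir) { this.outDir = outDir; }
        @Override
        public byte[] transform(ClassLoader loader, String className, Class<?> redefined,
                                ProtectionDomain domain, byte[] classfile) {
            // Classes defined without a name get a numbered placeholder.
            String name = (className != null) ? className : "unnamed_" + UNNAMED.incrementAndGet();
            if (!isRuntimeClass(name)) {
                try {
                    // Names use '/' separators; refuse anything that resolves outside outDir.
                    Path target = outDir.resolve(name + ".class").normalize();
                    if (target.startsWith(outDir)) {
                        Files.createDirectories(target.getParent());
                        Files.write(target, classfile);
                    }
                } catch (IOException | RuntimeException e) {
                    System.err.println("[dump] failed for " + name + ": " + e);
                }
            }
            return null; // null tells the JVM to keep the bytecode unchanged
        }
    }
}
```

The dumped `.class` files can then be opened in a decompiler; obfuscated class names that are not valid file names on the analysis host are reported on stderr rather than written.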
Reviewed by Anonymous on April 25, 2020