Downloader Malware Written in JPHP Interpreter

SUMMARY :

A newly discovered malware utilizes JPHP, a PHP interpreter running on Java Virtual Machine, to create a downloader. The malware is distributed in a ZIP file containing Java Runtime Environment and libraries, enabling execution without a separate Java environment. It communicates with a C2 server, disables Windows Defender's behavior monitoring, and uses Telegram for additional C2 connections. The malware can download and execute additional payloads, potentially including data breach-type malware like Strrat and Danabot. This case highlights how threat actors exploit lesser-known technologies like JPHP for malware distribution, emphasizing the importance of scrutinizing executable files and scripts from various sources.

OPENCTI LABELS :

strrat,danabot,php,jphp


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Downloader Malware Written in JPHP Interpreter