Fake UPS label creator drops Java-based jRAT Trojan (Feb 09, 2018)

This week, the SonicWall Capture Labs Threat Research Team has seen a Java-based trojan delivered via malware spam. These unsolicited emails were very similar to other malspam campaigns: they were disguised as important messages containing links to download official documents. The sample we analyzed, however, came with a link to download a fake UPS shipping label creator.

Infection cycle:

This trojan may use the following variations of filenames:

  • uspslabel.jar
  • Order_2018.jar
  • contract332178.jar
  • scanned_copy.jar
  • receipt_02092018.jar
  • DHL delivery.jar
  • invoice.jar
