adwind | 7cbeaddc814678cb1a8745a6962007f572dfde41fed0203355e1d4679f159a9b | Triage

Sharing

General

Target

046689b33237297e1c966538eb6ae968_JaffaCakes118
Size

670KB
Sample

240428-fc1g5sgd29
MD5

046689b33237297e1c966538eb6ae968
SHA1

e4788f57c8dc9d6516ca4b73f7cb49ff40a90b66
SHA256

7cbeaddc814678cb1a8745a6962007f572dfde41fed0203355e1d4679f159a9b
SHA512

883a1ec508263bdf175abdca78ddf02b3e90bb5dd890859432e2df0b5cd8533b6ddae872d181a659512fc24c52060e22281d514fce2d02d821922daa9d7ef4a9
SSDEEP

12288:2X6zh4UEcOShSOlyLRSPPh+5Wycuk7GPvsY3zcl15GdM4:jz/EcOSzllk5WyZEYGEJ

Score

10^/10

adwind discovery persistence trojan

Malware Config

Targets

- Target
  
  046689b33237297e1c966538eb6ae968_JaffaCakes118
- Size
  
  670KB
- MD5
  
  046689b33237297e1c966538eb6ae968
- SHA1
  
  e4788f57c8dc9d6516ca4b73f7cb49ff40a90b66
- SHA256
  
  7cbeaddc814678cb1a8745a6962007f572dfde41fed0203355e1d4679f159a9b
- SHA512
  
  883a1ec508263bdf175abdca78ddf02b3e90bb5dd890859432e2df0b5cd8533b6ddae872d181a659512fc24c52060e22281d514fce2d02d821922daa9d7ef4a9
- SSDEEP
  
  12288:2X6zh4UEcOShSOlyLRSPPh+5Wycuk7GPvsY3zcl15GdM4:jz/EcOSzllk5WyZEYGEJ
Score

10^/10

adwind discovery persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

adwinddiscoverypersistencetrojan