adwind | 3f4d49818d707c08f06e326f317e3353143be6d94d516600c9cd8d3612fd1900 | Triage

Sharing

General

Target

67020079517_20210419_16324653_HesapOzeti PDF.jar
Size

641KB
Sample

210421-celnalm71n
MD5

2292ed191b66e4746ac4d930aa413143
SHA1

7c6c9fa4968c5f7351fa9e6faba8f1c719df74e9
SHA256

3f4d49818d707c08f06e326f317e3353143be6d94d516600c9cd8d3612fd1900
SHA512

c85bde3c9471269c02f35c2461c9998da0727fdb0ccd517ad6fc123931e31a404cb7f44570c12eb1089511f1952234e514ca026fdf2ace11dbbb5abd91b64e07

Score

10^/10

adwind evasion persistence trojan

Malware Config

Targets

- Target
  
  67020079517_20210419_16324653_HesapOzeti PDF.jar
- Size
  
  641KB
- MD5
  
  2292ed191b66e4746ac4d930aa413143
- SHA1
  
  7c6c9fa4968c5f7351fa9e6faba8f1c719df74e9
- SHA256
  
  3f4d49818d707c08f06e326f317e3353143be6d94d516600c9cd8d3612fd1900
- SHA512
  
  c85bde3c9471269c02f35c2461c9998da0727fdb0ccd517ad6fc123931e31a404cb7f44570c12eb1089511f1952234e514ca026fdf2ace11dbbb5abd91b64e07
Score

10^/10

adwind evasion persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

adwindevasionpersistencetrojan

behavioral2

adwindevasionpersistencetrojan