adwind | deb9ff83fab43719118a2484b9747aacf189cdafb5a3826cee1a75e3efa28606 | Triage

Sharing

General

Target

Purchase Order PO-3163.jar
Size

477KB
Sample

210421-hsfg72pa2n
MD5

634556b334f8b2825005a83763a8a2e6
SHA1

9badaaadefe722a9082ea9c57cd46bbd964c3659
SHA256

deb9ff83fab43719118a2484b9747aacf189cdafb5a3826cee1a75e3efa28606
SHA512

bfebafb4e399fa8ac7c80a41e48976256bffd5466ba01149cac90ec8f15c57c14ecf55838d01a4f42fd8a4e84ea011e53a5695ceb9ef82e9d8871b32f30c0142

Score

10^/10

adwind persistence trojan

Malware Config

Targets

- Target
  
  Purchase Order PO-3163.jar
- Size
  
  477KB
- MD5
  
  634556b334f8b2825005a83763a8a2e6
- SHA1
  
  9badaaadefe722a9082ea9c57cd46bbd964c3659
- SHA256
  
  deb9ff83fab43719118a2484b9747aacf189cdafb5a3826cee1a75e3efa28606
- SHA512
  
  bfebafb4e399fa8ac7c80a41e48976256bffd5466ba01149cac90ec8f15c57c14ecf55838d01a4f42fd8a4e84ea011e53a5695ceb9ef82e9d8871b32f30c0142
Score

10^/10

adwind trojan persistence
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

adwindpersistencetrojan