adwind | b2cfb719020e4c18fe7978bdf369e5c1fae69dd83260308747c608f4bdd8ecdb | Triage

Submit
Reports

Overview

overview

Static

static

PO.211071(123).jar

windows7_x64

PO.211071(123).jar

windows10_x64

Sharing

General

Target

PO.211071(123).jar
Size

645KB
Sample

211207-nt141ahaar
MD5

a114fe4550c52315ccac4b1fa42341a1
SHA1

cc572372b215e0f17fcfc04170dc3256f345f3c2
SHA256

b2cfb719020e4c18fe7978bdf369e5c1fae69dd83260308747c608f4bdd8ecdb
SHA512

60d097590b7291593180b80591d64bb7de36ef586db28f45d4b625bdbf036f98ddf5648e2aeaab016efe103034fc0335ed7fe38275cc11c5f8135379faadb2b0

Score

10^/10

adwind vjw0rm evasion persistence trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

PO.211071(123).jar

Resource

win7-en-20211014

adwind vjw0rm persistence trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO.211071(123).jar

Resource

win10-en-20211104

adwind vjw0rm evasion persistence trojan worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  PO.211071(123).jar
- Size
  
  645KB
- MD5
  
  a114fe4550c52315ccac4b1fa42341a1
- SHA1
  
  cc572372b215e0f17fcfc04170dc3256f345f3c2
- SHA256
  
  b2cfb719020e4c18fe7978bdf369e5c1fae69dd83260308747c608f4bdd8ecdb
- SHA512
  
  60d097590b7291593180b80591d64bb7de36ef586db28f45d4b625bdbf036f98ddf5648e2aeaab016efe103034fc0335ed7fe38275cc11c5f8135379faadb2b0
Score

10^/10

adwind vjw0rm persistence trojan worm evasion
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- UAC bypass
  evasion trojan
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

adwindvjw0rmpersistencetrojanworm

behavioral2

adwindvjw0rmevasionpersistencetrojanworm

© 2018-2024

Terms | Privacy