General

  • Target

    vdnlymlf.txt.jar

  • Size

    479KB

  • Sample

    220617-sqdxhsfab8

  • MD5

    0af2ffb0e3a810f556a0eef909a5ecc7

  • SHA1

    641fe60bfa8569a0a13dc9279ea1cafb5cb912ad

  • SHA256

    9d05feba177ac6b9433f0a28bf9e6ba9828f1621f625f7ca80009a1cf5b5374b

  • SHA512

    883f01a0d0c2ed6ada0dd3d2b4548d01b54f6cf4fcfd6a39f9a61511147fefc4ea8ad4392873fd54e4d7c1c04adc01c94bf99447ddfcde925340ae4ea409b1c9

Malware Config

Targets

    • Target

      vdnlymlf.txt.jar


    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • UAC bypass

    • Disables Task Manager via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks