General

  • Target

    IMG-995858757-UPDATE-INVOICE.jar

  • Size

    624KB

  • Sample

    220619-leq95sgdg4

  • MD5

    dc39ebffc1e3bcd6b29a60c8b9ac9d44

  • SHA1

    2c3cbdc408456f58b58ee3ced27fe1b7b6527c28

  • SHA256

    91b2cd3c9060a758222e858c5ee1f71d3cffaefa87f3d2cf4caf7abcae62a966

  • SHA512

    1f1a255161a836c4c267322d5e613a741314ae2d8594fca5de3e1336ebc7fc72124514da18b70c264d091b92c4e41b70313213a3e2997e420e6ffea28e3b732c

Malware Config

Targets

    • Target

      IMG-995858757-UPDATE-INVOICE.jar

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks