General

  • Target

    346faf46e80ba3e338118edba2aa6a15bad759d4e1f124772a669ee69dd0f941

  • Size

    608KB

  • Sample

    220619-z7bl2schal

  • MD5

    bb9ff051e76d9872d095f397236f5a4e

  • SHA1

    cebba99d6a7238dd4deeaf0868ce49b8a8638bf5

  • SHA256

    346faf46e80ba3e338118edba2aa6a15bad759d4e1f124772a669ee69dd0f941

  • SHA512

    f5568b447951986053f6711b03933868ebd9587fd6cc45f3ec4efc37afd9aad16a6e917778654b7a6e8f48236043429e3335fd4763797d41a35f4318ceb716ad

Malware Config

Targets

    • Target

      346faf46e80ba3e338118edba2aa6a15bad759d4e1f124772a669ee69dd0f941

    • Size

      608KB

    • MD5

      bb9ff051e76d9872d095f397236f5a4e

    • SHA1

      cebba99d6a7238dd4deeaf0868ce49b8a8638bf5

    • SHA256

      346faf46e80ba3e338118edba2aa6a15bad759d4e1f124772a669ee69dd0f941

    • SHA512

      f5568b447951986053f6711b03933868ebd9587fd6cc45f3ec4efc37afd9aad16a6e917778654b7a6e8f48236043429e3335fd4763797d41a35f4318ceb716ad

    • AdWind

      A cross-platform, Java-based RAT family sold as malware-as-a-service; the signatures below are the sandbox's behavioural observations for this sample.

    • UAC bypass

    • Disables Task Manager via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
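
The registry-based signatures above (Task Manager disabled, System Restore disabled, image file execution options set, Run key added) can be re-checked on a host export without re-running the sample. The script below is an added example, not part of the Triage report or the sandbox's own detection code: it parses a .reg export and flags those four indicators. The key paths are the standard locations for these techniques on Windows, not values observed for this sample, and the embedded .reg text is constructed for illustration (the ATT&CK IDs in the comments use current numbering, not the Enterprise v6 IDs the report is mapped against).

```python
"""Audit a .reg export for the tampering/persistence indicators listed in the
report.  Added example; key paths are the usual locations for each technique,
and SAMPLE_REG is constructed data, not output from the analysed sample."""
import re
from typing import Dict, List, Optional

# Constructed export (not from the sample) showing what each indicator looks like.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="C:\\Users\\Public\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Java Update"="C:\\Users\\victim\\AppData\\Roaming\\Oracle\\bin\\javaw.exe -jar C:\\Users\\victim\\AppData\\Roaming\\update.jar"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Parse a .reg export into {key_path: {value_name: value}}.
    Only dword and string values are decoded; other types stay as raw text."""
    keys: Dict[str, Dict[str, object]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.groups()
            if data.startswith("dword:"):
                value: object = int(data[6:], 16)
            elif data.startswith('"') and data.endswith('"'):
                # .reg escapes backslashes and quotes inside string data
                value = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            else:
                value = data
            keys[current][name] = value
    return keys


def _get(values: Dict[str, object], name: str) -> Optional[object]:
    """Registry value names are case-insensitive."""
    return next((v for k, v in values.items() if k.lower() == name.lower()), None)


def audit(keys: Dict[str, Dict[str, object]]) -> List[Dict[str, str]]:
    """Return one finding per indicator matching the report's signatures."""
    findings: List[Dict[str, str]] = []
    for path, values in keys.items():
        lp = path.lower()
        # "Disables Task Manager via registry modification" (T1112)
        if lp.endswith("\\policies\\system") and _get(values, "DisableTaskMgr") == 1:
            findings.append({"technique": "Disables Task Manager", "key": path,
                             "value": "DisableTaskMgr=1"})
        # "Disables use of System Restore points" (T1490)
        if lp.endswith("\\windows nt\\systemrestore") and _get(values, "DisableSR") == 1:
            findings.append({"technique": "Disables System Restore", "key": path,
                             "value": "DisableSR=1"})
        # "Sets file execution options in registry": IFEO Debugger hijack (T1546.012)
        if "\\image file execution options\\" in lp and _get(values, "Debugger") is not None:
            exe = path.rsplit("\\", 1)[1]
            findings.append({"technique": "IFEO debugger hijack", "key": path,
                             "value": f"{exe} -> {_get(values, 'Debugger')}"})
        # "Adds Run key to start application" (T1547.001)
        if lp.endswith("\\currentversion\\run") or lp.endswith("\\currentversion\\runonce"):
            for name, cmd in values.items():
                findings.append({"technique": "Run key persistence", "key": path,
                                 "value": f"{name} = {cmd}"})
    return findings


if __name__ == "__main__":
    for f in audit(parse_reg(SAMPLE_REG)):
        print(f"[{f['technique']}] {f['key']} :: {f['value']}")
```

On a live host the same export is produced with `reg export HKCU\Software\Microsoft\Windows\CurrentVersion hkcu.reg` (and the HKLM equivalents), so the check can run on a collected artifact rather than in the sandbox.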

MITRE ATT&CK Enterprise v6

Tasks