General

  • Target

    31b771f30ce4f7c188e6024900c642732fdabcb22c626d0db504be6b8b867b47

  • Size

    969KB

  • Sample

    220620-wxsk2abfc3

  • MD5

    ef280abf7d55164ce100300dfb083e17

  • SHA1

    b336bd4b0a0e0514aecc400f579f2be2b24d60b5

  • SHA256

    31b771f30ce4f7c188e6024900c642732fdabcb22c626d0db504be6b8b867b47

  • SHA512

    846848b4123dc2e6b3d8474a1c195a56e2318fe96feb987a72f9d970be9b3ec757884d71b0115b973d03e60b69f7c262a8915a814611ce943b79c76046a20bab

Malware Config

Targets

    • Target

      fattura2.jar

    • Size

      1.6MB

    • MD5

      47b1731653008b455c3bbe2229622527

    • SHA1

      79a2cb46b49862bfd8ae92f05efb189717f00f46

    • SHA256

      002b00d2cceee6621a0826357077e824876bee4a3d7eb033ed00d68cd0e82235

    • SHA512

      c52dbf5344c4166046709724b9c4931f1653022172ec1b04c0b937612438c86dddd2aeabe24b643a70aaaba745849bf1748fa69279c75bae7534dc2fcbc90750

    • AdWind

      A cross-platform, Java-based RAT family (also tracked as jRAT / AlienSpy) sold as malware-as-a-service; the dropped JAR is the RAT itself and needs a Java runtime on the victim host.

    • UAC bypass

    • Disables Task Manager via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
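The registry signatures above (Task Manager disabled, System Restore disabled, Image File Execution Options set, Run key added) all map to a handful of well-known registry locations. The script below is an added example, not part of the sandbox report or the sandbox's own detection logic: it parses a Windows `.reg` export and flags the values behind each of those four signatures, so an analyst can confirm them on a host or on a registry dump pulled from a suspect VM. The `.reg` text embedded in it is constructed for illustration; the key paths are the stock Windows policy locations, while the IFEO target, the `javaw.exe -jar` Run entry and the file paths are hypothetical and are not claims about this sample.

```python
"""Flag the registry changes behind the report's signatures in a .reg export.

Added example; the SAMPLE_REG_EXPORT below is constructed, not taken from the
analysed sample.  Key paths are the standard Windows locations; value data
(IFEO target, Run command, paths) is hypothetical.
"""
import re

SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000001
"DisableConfig"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="\"C:\\Users\\user\\AppData\\Roaming\\Oracle\\bin\\javaw.exe\" -jar \"C:\\Users\\user\\update.jar\""
"""

# (signature from the report, key-path regex, value-name regex, predicate on data)
RULES = [
    ("Disables Task Manager via registry modification",
     r"\\Policies\\System$", r"DisableTaskMgr", lambda d: d == 1),
    ("Disables use of System Restore points",
     r"\\Windows NT\\SystemRestore$", r"DisableSR|DisableConfig", lambda d: d == 1),
    ("Sets file execution options in registry",
     r"\\Image File Execution Options\\[^\\]+$", r"Debugger", lambda d: True),
    # Every Run/RunOnce value is persistence; only flag commands that live in
    # user-writable locations or launch a JAR, to keep stock entries out.
    ("Adds Run key to start application",
     r"\\CurrentVersion\\(Run|RunOnce)$", r".*",
     lambda d: re.search(r"appdata|\\temp\\|-jar\b", str(d), re.I) is not None),
]


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: data}}.

    Handles dword and quoted-string values (with the \\\\ and \\" escapes the
    .reg format uses); hex:/binary values and '@=' defaults are kept raw or
    skipped, which is enough for the checks here.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or current is None:
            continue
        name, data = m.group(1), m.group(2)
        if data.startswith("dword:"):
            data = int(data[len("dword:"):], 16)
        elif data.startswith('"') and data.endswith('"'):
            data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        keys[current][name] = data
    return keys


def check_signatures(keys):
    """Return (signature, key_path, value_name, data) for every matching value."""
    findings = []
    for key_path, values in keys.items():
        for sig, key_re, name_re, pred in RULES:
            if not re.search(key_re, key_path, re.I):
                continue
            for name, data in values.items():
                if re.fullmatch(name_re, name, re.I) and pred(data):
                    findings.append((sig, key_path, name, data))
    return findings


if __name__ == "__main__":
    for sig, key_path, name, data in check_signatures(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f"[{sig}] {key_path}\\{name} = {data!r}")
```

On a live host the same checks can be run against `reg export HKCU hkcu.reg` / `reg export HKLM hklm.reg` output; the Run-key heuristic is deliberately narrow (user-writable path or `-jar`), so treat it as a triage filter and review the full Run key contents when it fires.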

MITRE ATT&CK Enterprise v6

Tasks