General

  • Target: 39d9235ec8c71da27556914174630a6e9388ac3c5fa6bf0c7eb06564febb8d2f
  • Size: 623KB
  • Sample: 220625-jt1e9aeda5
  • MD5: 2a9ce7b24e58cab88fdbdb72b67ff19b
  • SHA1: 9f528516286eb6045f34ac59258d750a3a6bb292
  • SHA256: 39d9235ec8c71da27556914174630a6e9388ac3c5fa6bf0c7eb06564febb8d2f
  • SHA512: b22af6371c1f62f8fab8a745d1ca5992d662e9754aad79f9d176bc4b2cdda0191b8b3158d92cb4234ed9eee0dc2c978701b8f2707e3377f1a3eab9582587b554

Targets

    • AdWind: a Java-based RAT family operated as malware-as-a-service.
    • UAC bypass
    • Disables Task Manager via registry modification
    • Disables use of System Restore points
    • Executes dropped EXE
    • Sets file execution options in registry
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
