adwind | 8ab87e7fcf49648efa256ca90e9907c46b7c67a46de01630c97477a1b0d0025f | Triage

Submit
Reports

Overview

overview

Static

static

JUSTIFICAN...O .jar

windows7_x64

JUSTIFICAN...O .jar

windows10-2004_x64

7

Sharing

General

Target

JUSTIFICANTE PAGO .jar
Size

623KB
Sample

220627-slqeradha5
MD5

8f2e219434282e43f8fa9386081c898b
SHA1

d749418ec454764bf243c73fb28d36a83118cc35
SHA256

8ab87e7fcf49648efa256ca90e9907c46b7c67a46de01630c97477a1b0d0025f
SHA512

bdffa5e00006868e68fc1afae57c26939797b9413b457e0d2f392f0aa72c902c81144bcf4f3645dfaa230fab8cd5c9dec1dd2541ffaab5f9e22aceb69a313533

Score

10^/10

adwind vjw0rm evasion persistence trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

JUSTIFICANTE PAGO .jar

Resource

win7-20220414-en

adwind vjw0rm evasion persistence trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

JUSTIFICANTE PAGO .jar

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  JUSTIFICANTE PAGO .jar
- Size
  
  623KB
- MD5
  
  8f2e219434282e43f8fa9386081c898b
- SHA1
  
  d749418ec454764bf243c73fb28d36a83118cc35
- SHA256
  
  8ab87e7fcf49648efa256ca90e9907c46b7c67a46de01630c97477a1b0d0025f
- SHA512
  
  bdffa5e00006868e68fc1afae57c26939797b9413b457e0d2f392f0aa72c902c81144bcf4f3645dfaa230fab8cd5c9dec1dd2541ffaab5f9e22aceb69a313533
Score

10^/10

adwind vjw0rm evasion persistence trojan worm
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- UAC bypass
  evasion trojan
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

adwindvjw0rmevasionpersistencetrojanworm

behavioral2

© 2018-2024

Terms | Privacy