General

  • Target

    3c81c9bff0b16810dda71403b5d70629e65eae381cc9cd12e1f9ea39d73dbf6a

  • Size

    2.4MB

  • Sample

    220703-h2t3rscba3

  • MD5

    154b8ca7e65c732849628f7374957679

  • SHA1

    e96a1b97a617cc5bcb36e44b43433be458d52f88

  • SHA256

    3c81c9bff0b16810dda71403b5d70629e65eae381cc9cd12e1f9ea39d73dbf6a

  • SHA512

    63ed27e65d263a2e63fa3511fdbe19c74e8497f7c60bb34e1af3648194d6c872c6fb4c4189b94af7f26eb82a49ec0afe22c539a0729c854f1c1af2d89f01923c

Malware Config

Targets

    • Target

      3c81c9bff0b16810dda71403b5d70629e65eae381cc9cd12e1f9ea39d73dbf6a

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks