General

  • Target

    3b6bf9a6a904ed136f3ddf32b0152caf0688360296b161a05423471f85c9335f

  • Size

    546KB

  • Sample

    220703-tz97ragfdl

  • MD5

    cc72e0a38c15b4375c836e89d0c4e2e9

  • SHA1

    bfea74fd5ac7c2ad04e8fa49e0f6af85f285e9d4

  • SHA256

    3b6bf9a6a904ed136f3ddf32b0152caf0688360296b161a05423471f85c9335f

  • SHA512

    a3b9bf3e3c4e43f0c683d3c83587c65cffce18c1cedcc4206c84dbb8e91be9acbcd9572f9a9523138fa3102d06f3985dcef32b671236f1cab2dd234e7f342e1c

Malware Config

Targets

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • UAC bypass

    • Disables Task Manager via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks