adwind | 590d68d18c4f1e312d351cfce5f9e0ffb1dfd16e80b5979f19155c7f2f843648 | Triage

Submit
Reports

Overview

overview

Static

static

Re Order 4...CT.jar

windows7_x64

Re Order 4...CT.jar

windows10-2004_x64

Sharing

General

Target

1b3565be9ec87bcb828af01ba25e9ff6
Size

942KB
Sample

220704-h2watsfbfn
MD5

1b3565be9ec87bcb828af01ba25e9ff6
SHA1

5d3a19c3834594a8e231ae9b5fb1a50245380ab9
SHA256

590d68d18c4f1e312d351cfce5f9e0ffb1dfd16e80b5979f19155c7f2f843648
SHA512

68c6a970481608c57c2273c2ba313967328955dc6580446c60c96c658af9b96ad8d9333d23627e21565e5c618c68da9fe32dd2d3744175c724d5b5752a08930d

Score

10^/10

adwind asyncrat default rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Re Order 4500324718-CIMELECT.jar

Resource

win7-20220414-en

adwind asyncrat default rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Re Order 4500324718-CIMELECT.jar

Resource

win10v2004-20220414-en

adwind asyncrat default rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

franmhort.duia.ro:8153

Mutex

Mutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
win.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  Re Order 4500324718-CIMELECT.jar
- Size
  
  694KB
- MD5
  
  7c5d4887188330ff9c6eb853f2e58847
- SHA1
  
  91fdfe9ee9bc580ec2440f7485f71e3d34d4c883
- SHA256
  
  ead8106d04189a9765d0e125d5d504e30c2c1bc3223a8d9d3ee897af82846b96
- SHA512
  
  7b907daaf146bbc06657d33f7a7b5e0254615c080de46ebabb16fea282b0cea67dcb164c0a42a489fbcd7ca70624aef19d58ddc2ae36571867225f936c01f12f
Score

10^/10

adwind asyncrat default rat trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Async RAT payload
  rat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Hidden Files and Directories

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwindasyncratdefaultrattrojan

behavioral2

adwindasyncratdefaultrattrojan

© 2018-2024

Terms | Privacy