General

  • Target

    PO2207SFI0036.jar

  • Size

    625KB

  • Sample

    220707-f91jeagad7

  • MD5

    9fd52b9d1f4aa23be2d9da189825dcd5

  • SHA1

    0a7cdb8bb39ea6a5da93abe7313cdb0709fe78f2

  • SHA256

    b8e82650075522e0e110f5323b90cda807342f07a5d7ca9e84655be8c774cd73

  • SHA512

    a002794283a2930a798e34983ca5a58908d975c6e969d11547ccf72b2e53a70cd7da3bd93b45188014653b78f0e5ef0227503a93dd879ab8bae214485c1837ae

Targets

    • Target

      PO2207SFI0036.jar

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
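
The five behaviour signatures above can be reproduced from a process trace without the sandbox. The block below is an added example, not code from the sandbox that produced this report or from the AdWind family: it replays a constructed, simplified JSON-lines API trace (the field names pid, api, image, cmdline, key, value, path and child_pid are assumed, as are every path, pid and value in the sample) through correlation rules that mirror each signature. Only processes descended from a java/javaw "-jar" launch are tracked, "dropped" means written by a tracked process earlier in the trace, and the registry value used for the location check, Control Panel\International\Geo\Nation, is an assumption about what the signature keys on; the report itself only says a country code is read from the registry.

```python
"""Rebuild the behavioural signatures from a simplified API trace (added example).

Not the sandbox's own code. Event shape and every value in SAMPLE_TRACE are
constructed for illustration.
"""
import json
import re
from collections import defaultdict

# Constructed trace: a javaw.exe launched with the JAR, plus an unrelated
# explorer.exe that must not trigger anything. All paths/pids are made up.
SAMPLE_TRACE = r"""
{"pid": 4100, "api": "ProcessStart", "image": "C:\\Program Files\\Java\\jre\\bin\\javaw.exe", "cmdline": "javaw.exe -jar C:\\Users\\u\\Downloads\\PO2207SFI0036.jar"}
{"pid": 6000, "api": "ProcessStart", "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"}
{"pid": 4100, "api": "RegQueryValue", "key": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"pid": 4100, "api": "FileWrite", "path": "C:\\Windows\\System32\\msvcrx.dll"}
{"pid": 4100, "api": "FileWrite", "path": "C:\\Users\\u\\AppData\\Local\\Temp\\svchost-update.exe"}
{"pid": 4100, "api": "RegSetValue", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\JavaUpdate", "value": "javaw.exe -jar C:\\Users\\u\\AppData\\Roaming\\Oracle\\x.jar"}
{"pid": 4100, "api": "CreateProcess", "image": "C:\\Users\\u\\AppData\\Local\\Temp\\svchost-update.exe", "child_pid": 5200}
{"pid": 5200, "api": "LoadLibrary", "path": "C:\\Windows\\System32\\msvcrx.dll"}
{"pid": 6000, "api": "RegSetValue", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "value": "1"}
{"pid": 6000, "api": "LoadLibrary", "path": "C:\\Windows\\System32\\shell32.dll"}
"""

JAVA_LAUNCHER = re.compile(r"\\javaw?\.exe$", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
# Assumed location of the configured country code (not stated by the report).
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
SYSTEM32 = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)


def parse_trace(text):
    """Parse one JSON object per non-empty line into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def correlate(events):
    """Return {signature name: [evidence, ...]} for the JAR's process tree.

    Tracks only pids descended from a java/javaw '-jar' launch; 'dropped'
    means a path written earlier by a tracked pid.
    """
    tracked = set()       # pids belonging to the JAR's process tree
    dropped = set()       # lower-cased paths written by tracked pids
    hits = defaultdict(list)
    for ev in events:
        pid, api = ev["pid"], ev["api"]
        if api == "ProcessStart":
            # Root of interest: a Java launcher started with -jar.
            if JAVA_LAUNCHER.search(ev["image"]) and "-jar" in ev["cmdline"].lower():
                tracked.add(pid)
            continue
        if pid not in tracked:
            continue
        if api == "RegQueryValue" and GEO_NATION.search(ev["key"]):
            hits["Checks computer location settings"].append(ev["key"])
        elif api == "RegSetValue" and RUN_KEY.search(ev["key"]):
            hits["Adds Run key to start application"].append(f'{ev["key"]} = {ev["value"]}')
        elif api == "FileWrite":
            path = ev["path"]
            dropped.add(path.lower())
            if SYSTEM32.match(path):
                hits["Drops file in System32 directory"].append(path)
        elif api == "CreateProcess":
            # Children join the tracked tree whether or not the image was dropped.
            tracked.add(ev["child_pid"])
            if ev["image"].lower() in dropped:
                hits["Executes dropped EXE"].append(ev["image"])
        elif api == "LoadLibrary":
            if ev["path"].lower() in dropped:
                hits["Loads dropped DLL"].append(ev["path"])
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in correlate(parse_trace(SAMPLE_TRACE)).items():
        print(f"{name}:")
        for item in evidence:
            print(f"    {item}")
```

Run as a script it prints each signature with the evidence that fired it; the explorer.exe events produce nothing because that pid never enters the tracked tree, and shell32.dll is not flagged because it was never written by a tracked process. Swap SAMPLE_TRACE for a real trace converted to the same shape to apply the rules to your own detonation.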
