General

  • Target

    420461e7418882c36ea529c000370a6fb8179e0e806dcbabbe3611d478263926

  • Size

    577KB

  • Sample

    220708-ee6lhagcfj

  • MD5

    f19f800b0fc62a0b6cd5248f1f6b04be

  • SHA1

    e5dbf43db712affb7dba53547b94933a3ea9fe73

  • SHA256

    420461e7418882c36ea529c000370a6fb8179e0e806dcbabbe3611d478263926

  • SHA512

    5f77362c97babcc4922f86a41c4668208202e46ddc1c7629c6b6ec78d8d25cdfcfc365f2a836ff848485905d9029aea43b9ffae4aba5d767241b1c84b15eb5dc

Malware Config

Targets

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • UAC bypass

    • Disables Task Manager via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks