General

  • Target

    4b9d186c811dea0e8cad86a5386668a6bd202d4b70ac3da5116a39532b43ef50

  • Size

    614KB

  • Sample

    220712-lbjqwsbggp

  • MD5

    f4235107987d6811db7e95d9e35da651

  • SHA1

    3b4ad327999303cd696c6154fe04a8e7536be4a7

  • SHA256

    4b9d186c811dea0e8cad86a5386668a6bd202d4b70ac3da5116a39532b43ef50

  • SHA512

    0d303546cf20121cb6cedf299e98d4492cf96523ad36195b337995e7a538adca9e3ef061d0abe2122ba093d11510d54c6815f323e065c60ea7d6d37b7f5a2088

Malware Config

Targets

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • UAC bypass

    • Disables Task Manager via registry modification

    • Disables use of System Restore points

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6