General

  • Target

    5657aeb7f2bdf53e0a0d3888d6853b3d29ec6e268d0324cdabfbc0c2ca69fbf8

  • Size

    529KB

  • Sample

    220725-ekltaadgc5

  • MD5

    d5b3ca796635a56777c874182ce1c4dc

  • SHA1

    31485896f8136869c17d94b4ea0071f4a5e3483c

  • SHA256

    5657aeb7f2bdf53e0a0d3888d6853b3d29ec6e268d0324cdabfbc0c2ca69fbf8

  • SHA512

    fa439e4a6648fd413f978ce1d47805a8bf0986853bdd0b636be93c226fca11ab83d19be9379679d5bca1596dee791e54b717ba2e3aae1c5c351ad1338303e2cf

Targets

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
