General

  • Target

    5415e52d43ceb31ccb6a98f6a9f732df49525d21e6e3e578b392dd41b016e863

  • Size

    634KB

  • Sample

    220725-y49h8sdef7

  • MD5

    8938810624b7350a6e4f443e08c8febb

  • SHA1

    71801df93fc1759282a32111af0e1eea3c72c3fa

  • SHA256

    5415e52d43ceb31ccb6a98f6a9f732df49525d21e6e3e578b392dd41b016e863

  • SHA512

    1a4ad06d1fe86c0445aeb87c74f0a0b0225d5900772f54bb569cb90d8a7e9f0459b4a03991f01ce7a67664b2374352026b429911830bec625dfd2681b9f15457

Malware Config

Targets

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks