General

  • Target

    a71889e84b47135c949c7ec3a93092bfabacaa4722a366bbd3f87c634d6a55d1

  • Size

    807KB

  • Sample

    220731-kj1hyagec5

  • MD5

    a1cffa0d4bd50ef8f58198856419d36c

  • SHA1

    a6c29ec46d67b814849d48f8ade7324a46d316f6

  • SHA256

    a71889e84b47135c949c7ec3a93092bfabacaa4722a366bbd3f87c634d6a55d1

  • SHA512

    67c4f851142daadb1dfdfcdf6a51cbe2ba7a40c6a0e8bbac55390472353efad262c0187fac85691292dad635e8c87dbac8b8535dc4c19e584bdb20d3b40283d7

Malware Config

Targets

    • Target

      a71889e84b47135c949c7ec3a93092bfabacaa4722a366bbd3f87c634d6a55d1

    • Size

      807KB

    • MD5

      a1cffa0d4bd50ef8f58198856419d36c

    • SHA1

      a6c29ec46d67b814849d48f8ade7324a46d316f6

    • SHA256

      a71889e84b47135c949c7ec3a93092bfabacaa4722a366bbd3f87c634d6a55d1

    • SHA512

      67c4f851142daadb1dfdfcdf6a51cbe2ba7a40c6a0e8bbac55390472353efad262c0187fac85691292dad635e8c87dbac8b8535dc4c19e584bdb20d3b40283d7

    • AdWind

      A Java-based, cross-platform RAT family (also tracked as jRAT, AlienSpy and JSocket) sold as malware-as-a-service.

    • UAC bypass

    • Disables Task Manager via registry modification

      Sets the DisableTaskMgr policy value under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System to 1, so the user cannot open Task Manager to inspect or kill the process.

    • Disables use of System Restore points

      Sets DisableSR (and/or DisableConfig) under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore, removing the easy rollback path after infection.

    • Executes dropped EXE

    • Sets file execution options in registry

      Writes an Image File Execution Options (IFEO) entry under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. A Debugger value there is launched in place of the named executable, a common way to neuter Task Manager or security tools.

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run so the dropped executable is started again at every logon.

    • Drops file in System32 directory
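
The signatures above are what the sandbox flagged; the following script is an added example (not Tria.ge output and not code from the sample) showing how the same behaviours can be checked on a host from Sysmon telemetry. It replays constructed Sysmon records (EventID 13 registry value set, 11 file create, 1 process create, 7 image load), flattened to one key=value line each so it runs offline, and maps what it finds onto the report's own signature names. The Sysmon field names (TargetObject, Details, TargetFilename, ImageLoaded) are real; the SID, user and file names in the sample records are placeholders, and the ATT&CK Enterprise v6 technique IDs are the editor's own mapping, since the matrix on this page carries no entries.

```python
"""Replay Sysmon records and flag the behaviours this report lists.
Added example; sample records are constructed, not captured from the sample."""
import re
from typing import Dict, Iterable, List, Set

# Editor's mapping to ATT&CK Enterprise v6 IDs (assumption, not from the page).
ATTACK_V6 = {
    "Disables Task Manager via registry modification": "T1089",
    "Disables use of System Restore points": "T1490",
    "Sets file execution options in registry": "T1183",
    "Adds Run key to start application": "T1060",
    "UAC bypass": "T1088",
}

DWORD_ONE = re.compile(r"\(0x0*1\)$")  # Sysmon renders DWORDs as "DWORD (0x00000001)"
REGISTRY_RULES = [  # (signature, pattern over TargetObject, optional pattern over Details)
    ("Disables Task Manager via registry modification",
     re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I), DWORD_ONE),
    ("Disables use of System Restore points",
     re.compile(r"\\SystemRestore\\Disable(SR|Config)$", re.I), DWORD_ONE),
    ("Sets file execution options in registry",
     re.compile(r"\\Image File Execution Options\\[^\\]+\\Debugger$", re.I), None),
    ("Adds Run key to start application",
     re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I), None),
]
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)


def parse_event(line: str) -> Dict[str, str]:
    """Parse 'EventID=13|Image=...|TargetObject=...' into a dict."""
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def scan(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Return {signature name: [evidence, ...]} for the behaviours seen.

    Dropped-file tracking is stateful: a FileCreate records the path, and only a
    later ProcessCreate / ImageLoad of that same path counts as "dropped EXE/DLL".
    """
    hits: Dict[str, List[str]] = {}
    dropped: Set[str] = set()

    def add(sig: str, evidence: str) -> None:
        hits.setdefault(sig, []).append(evidence)

    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "13":
            target, details = ev.get("TargetObject", ""), ev.get("Details", "")
            for sig, key_re, val_re in REGISTRY_RULES:
                if key_re.search(target) and (val_re is None or val_re.search(details)):
                    add(sig, f"{target} = {details}")
        elif eid == "11":
            path = ev.get("TargetFilename", "")
            dropped.add(path.lower())
            if SYSTEM32.match(path):
                add("Drops file in System32 directory", path)
        elif eid == "1":
            image = ev.get("Image", "")
            if image.lower() in dropped and image.lower().endswith(".exe"):
                add("Executes dropped EXE", image)
        elif eid == "7":
            loaded = ev.get("ImageLoaded", "")
            if loaded.lower() in dropped and loaded.lower().endswith(".dll"):
                add("Loads dropped DLL", loaded)
    return hits


# Constructed sample records: placeholder SID, user and file names.
SAMPLE_EVENTS = [
    r"EventID=11|Image=C:\Program Files\Java\jre\bin\javaw.exe|TargetFilename=C:\Users\victim\AppData\Roaming\payload_example.exe",
    r"EventID=11|Image=C:\Program Files\Java\jre\bin\javaw.exe|TargetFilename=C:\Windows\System32\helper_example.dll",
    r"EventID=1|Image=C:\Users\victim\AppData\Roaming\payload_example.exe|ParentImage=C:\Program Files\Java\jre\bin\javaw.exe",
    r"EventID=7|Image=C:\Users\victim\AppData\Roaming\payload_example.exe|ImageLoaded=C:\Windows\System32\helper_example.dll",
    r"EventID=13|Image=C:\Users\victim\AppData\Roaming\payload_example.exe|TargetObject=HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Users\victim\AppData\Roaming\payload_example.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Users\victim\AppData\Roaming\payload_example.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger|Details=C:\Users\victim\AppData\Roaming\payload_example.exe",
    r"EventID=13|Image=C:\Users\victim\AppData\Roaming\payload_example.exe|TargetObject=HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\payload_example|Details=C:\Users\victim\AppData\Roaming\payload_example.exe",
    # Benign noise that must not fire: an Explorer setting, and Task Manager being re-enabled (0).
    r"EventID=13|Image=C:\Windows\explorer.exe|TargetObject=HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000002)",
    r"EventID=13|Image=C:\Windows\regedit.exe|TargetObject=HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr|Details=DWORD (0x00000000)",
]

if __name__ == "__main__":
    for sig, evidence in scan(SAMPLE_EVENTS).items():
        print(f"[{ATTACK_V6.get(sig, '-')}] {sig}")
        for e in evidence:
            print("    " + e)
```

The value checks matter: DisableTaskMgr and DisableSR only fire when the DWORD is 1, so a policy being reset to 0 is not reported as the malicious change, and the IFEO rule keys on the Debugger value rather than the whole IFEO subtree, which legitimate installers also touch. UAC bypass is left to the sandbox, since the report gives no indicator for it and it is not a single registry write.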

MITRE ATT&CK Enterprise v6

Tasks