General

  • Target

    Shipping Bill No2824153PDF.jar

  • Size

    952KB

  • Sample

    220809-hcw6tsgbc3

  • MD5

    af6bbd30ab51e8acede670eb0c4a0b35

  • SHA1

    6bbf9708181f6fa053073b61d3577bf6a86fb11c

  • SHA256

    8e888e221119fbaf12b4b060eeb61e2aabd23f5ef4ff1e009a8f20382d15a8b6

  • SHA512

    2d56f9e6724de2d0c51414d955838ba93e86ef95b80796aa4341d701657696cc159f3516961830004e815bf1f2b786fdf1ef3e1907da44eb9b2169e990157e1d

Malware Config

Targets

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks