General

  • Target

    ORDER.jar

  • Size

    623KB

  • Sample

    221107-nnad4adfh6

  • MD5

    e37d9ff2406944a9576dcdcb40bbcd00

  • SHA1

    dbd2af3022707a2aa948a02232e8c9d229131d66

  • SHA256

    58e22580d9333471dd6f10809f9a4bf116e420852abeecd5c35e8b5fe97f9d95

  • SHA512

    a8294027d459560b68fba974c41671276a39d014471051ce1726aad6508b0e533d2eb5e5673476e1752e94bcd29835c77a6e52f26dd25612ef89cc7b45782b5f

  • SSDEEP

    12288:LwopdujmTprue2LDqW+FGIRAl3dVeOh9jzCLPycRX+EihfuqQS:UoDujkrWDaFnabxzsy0XU4S

Malware Config

Targets

    • Target

      ORDER.jar

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks