General

  • Target

    a9652a92f142b4d3ba8735e9bbf57b3cf6cd323a6381537f9966efd49d048af7

  • Size

    634KB

  • Sample

    221108-pfj41ahdcl

  • MD5

    c672f899bc683144d51647f8195e4e34

  • SHA1

    58bd52a655f69140985f81db6403d9714f5a0fe5

  • SHA256

    a9652a92f142b4d3ba8735e9bbf57b3cf6cd323a6381537f9966efd49d048af7

  • SHA512

    efa7964fe34a8d1f6ae76583a813ac6637634a935651f4debb0db18d7815cb0a83570539dcc4bbe82bdb9075f612baf3c8a683392ee3a35287faabbd6750b86d

  • SSDEEP

    12288:3SCnuZuB8YTKLgt99WX3Sg+qnsMpUrYdZwwmKI6wa6To4gORkAWTos9:3TuZA8iR9syOjZOa6To6kD19

Malware Config

Targets

    • Target

      Arrival Notice 00054625367523225.jar

    • Size

      634KB

    • MD5

      fa64690dda2484a48fc86411efbb2d43

    • SHA1

      064b7ed248714ad406e408c3d8f3381023e9fa64

    • SHA256

      e2e2f25cbf2bdf82ebd9cb9c7fd157b60537e606b10c85d4955d6460c93d037e

    • SHA512

      a2b3bba43a9967609ee016a5ae0c854db2f0d9c02733a83e2b5a7249e66a4c62deb20977f199a669f92a7b9947285e036f685b3c5db82137d35cd9fcff185fdd

    • SSDEEP

      12288:oSCbuX8B8YhKLgB/nWX3MgwqnEMN6ZYjpOwIKI0Ua6Bi4IOtQAITk:ofuXS8wN/WsGPHGa6BioQ7Y

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks