General

  • Target

    Orderlist.jar

  • Size

    479KB

  • Sample

    221109-nnv1ssaahp

  • MD5

    0615a57d8258d087eff7efce8c772f34

  • SHA1

    494d40db7937bf7afbff18aef4f1ddd7d44a6a98

  • SHA256

    d61e712d33eb5c948bb64c232292e64add9fbe64172163b2eaaa333a017edce3

  • SHA512

    572dffc02e698320dc574420e041ab280d318dabfcdd707ec85c3fc10a6a159f96d26beb9a6152f7f74c52bcc2a176ea371c755d9846c90b168294772d5e1fda

  • SSDEEP

    6144:5Xyx0hqD0/4EeyeYW3DMVE9PjMUSI5pxUb7gvY8ulmcCV/hIl0/0c2qna3PJ7phZ:5isZNWzMgjMq5pxogQNUhIK/0c2qnAX
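The digests above are what an analyst uses to confirm that a locally obtained file is the same sample the sandbox ran. As an added example (not part of the sandbox report), the Python below re-checks a file against those four digests and, since the target is a JAR, enumerates the archive for a Main-Class and for embedded native or nested payloads. SSDEEP is omitted because it needs a third-party library. The JAR the script builds is a constructed stand-in, not the real Orderlist.jar, and the class and entry names inside it are invented.

```python
import hashlib
import io
import zipfile

# Digests as printed in the report's General section for Orderlist.jar.
REPORTED = {
    "md5": "0615a57d8258d087eff7efce8c772f34",
    "sha1": "494d40db7937bf7afbff18aef4f1ddd7d44a6a98",
    "sha256": "d61e712d33eb5c948bb64c232292e64add9fbe64172163b2eaaa333a017edce3",
    "sha512": "572dffc02e698320dc574420e041ab280d318dabfcdd707ec85c3fc10a6a159f96d26beb9a6152f7f74c52bcc2a176ea371c755d9846c90b168294772d5e1fda",
}


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists (ssdeep needs an extra library and is skipped)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}


def verify(data: bytes, expected: dict) -> dict:
    """Return {algo: bool} saying which expected digests the data actually matches."""
    got = digests(data)
    return {algo: got[algo] == value.lower() for algo, value in expected.items()}


def jar_summary(data: bytes) -> dict:
    """Summarise a JAR: manifest Main-Class, entry count, and entries worth extracting.

    An entry is flagged if its name suggests a nested payload (exe/dll/jar/bin/dat)
    or if its first two bytes are the PE 'MZ' magic regardless of the extension.
    """
    summary = {"main_class": None, "entries": 0, "suspicious": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        summary["entries"] = len(names)
        if "META-INF/MANIFEST.MF" in names:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in manifest.splitlines():
                if line.lower().startswith("main-class:"):
                    summary["main_class"] = line.split(":", 1)[1].strip()
        for name in names:
            if name.endswith("/"):          # directory entry, nothing to read
                continue
            if name.lower().endswith((".exe", ".dll", ".jar", ".bin", ".dat")):
                summary["suspicious"].append(name)
                continue
            with zf.open(name) as fh:
                if fh.read(2) == b"MZ":      # PE file hidden under an innocuous name
                    summary["suspicious"].append(name)
    return summary


def build_sample_jar() -> bytes:
    """Constructed stand-in JAR (not the real Orderlist.jar) so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: com.example.Loader\r\n\r\n")
        # Minimal class-file magic only; the class name is invented for the example.
        zf.writestr("com/example/Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
        # A PE header stored under a data extension, the usual way a JAR carries a native stage.
        zf.writestr("resources/config.dat", b"MZ" + b"\x90" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_jar()
    print(verify(sample, REPORTED))   # all False: the stand-in is not the reported sample
    print(jar_summary(sample))
```

Against the real file, every entry of `verify()` must be True before any conclusion from the report is carried over to the local copy; a single mismatch means a different build of the dropper.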

Targets

    • Target

      Orderlist.jar

    • AdWind

      A Java-based RAT family (also tracked as AlienSpy, jRAT and JSocket) sold as malware-as-a-service; a JAR target such as Orderlist.jar fits the family's Java delivery stage.

    • UAC bypass

    • Disables Task Manager via registry modification

    • Disables use of System Restore points

      Removes the victim's easiest rollback path once the RAT is installed.

    • Executes dropped EXE

      The Java stage writes and runs a native executable; together with the dropped DLL below, this is the payload to retrieve from the sandbox's dropped files.

    • Sets file execution options in registry

      Image File Execution Options entries redirect a named executable to another program; malware uses them to hijack or neuter tools it wants out of the way.

    • Loads dropped DLL

    • Adds Run key to start application

      Run-key persistence: the RAT is relaunched at each user logon.

    • Drops file in System32 directory
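Four of the signatures above are registry writes to well-known locations, which makes them easy to re-derive from a sandbox's raw registry events rather than trusting the signature names alone. As an added example that is not part of the report, the Python below runs rule checks for those four over constructed registry events. The event shape, the sample values, and the ATT&CK technique IDs attached to each rule are my own assumptions, not the sandbox's; UAC bypass and the dropped EXE/DLL/System32 signatures need process and file events and are not covered here.

```python
import re

# Constructed sandbox-style registry events (not the report's own log).
# pid 4120/5008 stand in for the JAR's child processes; pid 812 is benign noise.
EVENTS = [
    {"pid": 4120, "op": "SetValue",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "jusched",
     "data": r"C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe -jar ..."},
    {"pid": 4120, "op": "SetValue",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
     "value": "DisableTaskMgr", "data": 1},
    {"pid": 4120, "op": "SetValue",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore",
     "value": "DisableSR", "data": "0x1"},
    {"pid": 5008, "op": "SetValue",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
            r"\Image File Execution Options\taskmgr.exe",
     "value": "Debugger", "data": r"C:\Windows\System32\svchost.exe"},
    {"pid": 812, "op": "SetValue",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "Hidden", "data": 1},
]

# (signature name, ATT&CK technique, key pattern, accepted value names or None, required DWORD or None)
RULES = [
    ("Adds Run key to start application", "T1547.001",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I), None, None),
    ("Disables Task Manager via registry modification", "T1112",
     re.compile(r"\\Policies\\System$", re.I), ("DisableTaskMgr",), 1),
    ("Disables use of System Restore points", "T1490",
     re.compile(r"\\Policies\\Microsoft\\Windows NT\\SystemRestore$", re.I),
     ("DisableSR", "DisableConfig"), 1),
    ("Sets file execution options in registry", "T1546.012",
     re.compile(r"\\Image File Execution Options\\[^\\]+$", re.I), ("Debugger",), None),
]


def _as_int(data):
    """Registry DWORDs arrive as int, '1' or '0x1' depending on the sandbox; normalise them."""
    if isinstance(data, int):
        return data
    try:
        return int(str(data), 0)
    except ValueError:
        return None


def evaluate(events):
    """Return one hit per (event, rule) match, in event order."""
    hits = []
    for ev in events:
        if ev.get("op") != "SetValue":
            continue
        for name, technique, key_re, values, dword in RULES:
            if not key_re.search(ev["key"]):
                continue
            if values is not None and ev["value"].lower() not in [v.lower() for v in values]:
                continue
            if dword is not None and _as_int(ev["data"]) != dword:
                continue
            hits.append({"signature": name, "technique": technique, "pid": ev["pid"],
                         "key": ev["key"], "value": ev["value"], "data": ev["data"]})
    return hits


def by_pid(hits):
    """Group signature names by process, which is how a sandbox attributes behaviour."""
    out = {}
    for h in hits:
        out.setdefault(h["pid"], []).append(h["signature"])
    return out


if __name__ == "__main__":
    for h in evaluate(EVENTS):
        print(f'{h["technique"]:<10} pid={h["pid"]:<5} {h["signature"]}: {h["value"]} = {h["data"]!r}')
```

The Run-key rule deliberately has no value filter: the value name (here `jusched`, chosen to look like a Java updater) is attacker-controlled, so only the key path is a reliable anchor. The DWORD rules accept both integer and hex-string encodings because sandboxes differ in how they serialise registry data.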

MITRE ATT&CK Enterprise v6