General

  • Target: mzqdratjs.txt.jar
  • Size: 479KB
  • Sample: 221121-ty1a6ahd35
  • MD5: 063d60c5bd1535b97691264e37164f5e
  • SHA1: 45015b6104d9d527a08f49382f223ac080368e48
  • SHA256: f77928d616b28153a352b719db130b79788066fd5bc0bfbe7181d27bfca27ff6
  • SHA512: 4566ead5ee56447f0ce47312ff900fb0f8e6022159bd7021d0f84b723dce0682aad7635d3036eedb45c7bc93512b6db3701cc62cfae07776ed1d9b9cdbe3813f
  • SSDEEP: 12288:z5eSjgstCFvu6Fia+Tw98MR+5pxogQNUhIK/0c2qnAp:1Djh0GWraMRUsS7B2qnc

Malware Config

Targets

    • AdWind: a Java-based RAT family operated as malware-as-a-service.
    • UAC bypass
    • Disables Task Manager via registry modification
    • Disables use of System Restore points
    • Executes dropped EXE
    • Sets file execution options in registry
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6
