Resubmissions

  • 30-10-2023 23:20 — 231030-3bjjkafe2x (score 1)
  • 30-10-2023 00:20 — 231030-am335abg38 (score 10)

General

  • Target: MDE_File_Sample_59b86277b79804fdefd7bfd68c63f9f3e44b2ad9.zip
  • Size: 1.0MB
  • Sample: 231030-am335abg38
  • MD5: 7118d553f2756ebd16bbea44b56383ff
  • SHA1: 27a103bf2187ee215cafd6484806eb420d8b08ec
  • SHA256: e6b29a131477f1333ae50797c3342c92a8e49c92001836db20ee6cd826e698b1
  • SHA512: 54abbb8ee91a4b130736b3b49fc19ec914b8ad5dde3b74ddcf8db476c8489a56a03d8e1596e59407449e820187fed4f135c83980d742212874236b36d0722924
  • SSDEEP: 24576:ymAe9I5oNnJH6V5mp4qkTPM3t1xA6t6mgQKgXKNCH4/c05FyQM:yPGSodJH4SPIMjxAv5XgXU/cayZ

Malware Config

Targets

    • Target: Defender detected and quarantined active 'Trojan:Java/Jaraut.B' in file 'sparkk.sparkk' during a scheduled scan
    • Size: 1.0MB
    • MD5: 14c60d7c9ed65affcf0565ff94633a39
    • SHA1: 59b86277b79804fdefd7bfd68c63f9f3e44b2ad9
    • SHA256: 4fa8ab3763707bd8347f3a27faec2ac74f902af54b2074855eaf7410f9615874
    • SHA512: bc4cd36959d714ffd1ca7a1668084117f8c0b053d0fb508f30675feb03730989fa1d63572a7fd2cfc76f99cf8d04329ee0bc8637dc9d1af3c4139400b46dad02
    • SSDEEP: 24576:8BysVM5qDErtZXREL9+9uohDNNNLIPNLI3NLIFNLIm:zqDytZh9uEZIPZI3ZIFZIm
    • AdWind: a Java-based RAT family operated as malware-as-a-service.
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies file permissions
    • Adds Run key to start application
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks