General

  • Target

    jre1.8.0_361.zip

  • Size

    89.4MB

  • Sample

    231202-e49z8ahg91

  • MD5

    750f5b13fe1ee71497f5228138e4f8c7

  • SHA1

    c8cdfcfb3179cbbe5fe8c4bb7f920dd7c5486b1d

  • SHA256

    ce236d04aae0118265f73e1775a0ce05aa6357e0922905b2d08540f100c37ee5

  • SHA512

    a3dee9b2312a4dda610e8250edfc325ce469e9cb288d69432a6e941922ccde3c6a26ef9002a91d27c918a4830e795405931e3f33d049e5a047fa6fb02a55d016

  • SSDEEP

    1572864:ULMQwl1f2KpJtnskXD8ma7p4ABTv8pMyhONCQ0dk80G9EOymJKAQn5cST7gJJ5Xt:qwlV9Jh/Da7pLTvUO70dk80G9EOVm5lS

Score
10/10

Targets

    • Target

      sorrilus.exe

    • Size

      10.3MB

    • MD5

      e4732ee9e8c0aa3276a51141b8b9b2d9

    • SHA1

      3f5a763f1571551505fe89bdb2287b001a8ff009

    • SHA256

      314278fc36d4bf2c2051c64b5dd274c6254e51c8db45bb5174750839f63bab53

    • SHA512

      207c194c0d8554d84bbbecda4f06c746bdf3a77b3db0cab1717c029244d5f86a1357e9c3861f53e5e19f6b5d00d77c18cd923ef6d93b94eeb0128300872ae0a4

    • SSDEEP

      196608:O2SvZ+chSsAhnS9+vFKWdfnP4L20N37Y2BqJMUrE6ed1g2ceCLTG1L09+Y7Ru:OlvZxBAA+vF55AL20UaeVy1pceCXEL09

    Score
    10/10

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Class file contains resources related to AdWind

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Modifies file permissions

MITRE ATT&CK Enterprise v15