General

  • Target

    sorrilus.exe

  • Size

    10.3MB

  • Sample

    231202-e724sahh75

  • MD5

    e4732ee9e8c0aa3276a51141b8b9b2d9

  • SHA1

    3f5a763f1571551505fe89bdb2287b001a8ff009

  • SHA256

    314278fc36d4bf2c2051c64b5dd274c6254e51c8db45bb5174750839f63bab53

  • SHA512

    207c194c0d8554d84bbbecda4f06c746bdf3a77b3db0cab1717c029244d5f86a1357e9c3861f53e5e19f6b5d00d77c18cd923ef6d93b94eeb0128300872ae0a4

  • SSDEEP

    196608:O2SvZ+chSsAhnS9+vFKWdfnP4L20N37Y2BqJMUrE6ed1g2ceCLTG1L09+Y7Ru:OlvZxBAA+vF55AL20UaeVy1pceCXEL09

Malware Config

Targets

    • Target

      sorrilus.exe

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Class file contains resources related to AdWind

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Modifies file permissions

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks