General

  • Target

    ri.exe

  • Size

    629KB

  • Sample

    231202-gt6k6aac33

  • MD5

    8802b35e772df6b565003c2ffe35afcf

  • SHA1

    e4911aa5d0d6638466c203dbe14828851edf94e7

  • SHA256

    250fc0ed07c6d69ff0129c843fb42febefed22011857a1e7161e10ffa1e20ca6

  • SHA512

    04c3fe459de71fd1163ed9ad9c074b2481c712d31ce04701f6319442c36043e8bf604fc6f5b9fae3d28806cca26924b5dde3c36c2029062d4f99ced95e91799d

  • SSDEEP

    12288:SpdVfrKp5SBUOvkD/gKVGDHszAVXMG2n+z2x0K73AVdxGbw6H3MLVB6:Spd9K7MlGXwz+AV8G2OpvcwL

Score
10/10

Malware Config

Targets

    • Target

      ri.exe

    Score
    10/10
    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Class file contains resources related to AdWind

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

MITRE ATT&CK Enterprise v15

Tasks