adwind | f096109b5e23f6a1e0c3388d14faf00b1c4be8af5498b11548c8731b96259129 | Triage

Resubmissions

11/03/2024, 15:32

240311-sy293sad34 10

11/02/2024, 17:23

240211-vyhxjsaa4s 10

Sharing

General

Target

XDemonsSkeetStyleLeak.jar
Size

3.8MB
Sample

240211-vyhxjsaa4s
MD5

8eaf647dfb34faa67b34b3af95774dc4
SHA1

d96ae71d90a4b1af9fd951de2974e2ba135b51fe
SHA256

f096109b5e23f6a1e0c3388d14faf00b1c4be8af5498b11548c8731b96259129
SHA512

784e1d738fbf105457db00a1863fc826640b579315f652c8abd3d2b0014e4a677f75d06d6ab11fbe882b2486914597fa20686b4a1576f667ea6f9d473fd0c6ae
SSDEEP

98304:DP+7oAwItpzdgj2WistOIk8AevgvmgCFBpxex7cU:j+75wI/wicBWeo7Cxxg

Score

10^/10

adwind discovery persistence

Malware Config

Targets

- Target
  
  XDemonsSkeetStyleLeak.jar
- Size
  
  3.8MB
- MD5
  
  8eaf647dfb34faa67b34b3af95774dc4
- SHA1
  
  d96ae71d90a4b1af9fd951de2974e2ba135b51fe
- SHA256
  
  f096109b5e23f6a1e0c3388d14faf00b1c4be8af5498b11548c8731b96259129
- SHA512
  
  784e1d738fbf105457db00a1863fc826640b579315f652c8abd3d2b0014e4a677f75d06d6ab11fbe882b2486914597fa20686b4a1576f667ea6f9d473fd0c6ae
- SSDEEP
  
  98304:DP+7oAwItpzdgj2WistOIk8AevgvmgCFBpxex7cU:j+75wI/wicBWeo7Cxxg
Score

7^/10

discovery persistence
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoverypersistence