adwind | 669a95f4fb366c02950b52b86f5d906dc150bca3fa710453a49eddef3471a333 | Triage

Sharing

General

Target

669a95f4fb366c02950b52b86f5d906dc150bca3fa710453a49eddef3471a333.jar
Size

622KB
Sample

240229-f6lwvafd9x
MD5

efd645a5c1c5a8ebfee8f1cb2a139920
SHA1

58e80fdbabec6c26ba09d7c34ee075b0be6017c2
SHA256

669a95f4fb366c02950b52b86f5d906dc150bca3fa710453a49eddef3471a333
SHA512

c886dd8b5a8de9ea791c62e3caaf439387f051214b58085e5037e3eec59a17ee0225f31c12c0737a1b721c98d314dcbfc935ef683e89391f1cbc3d4770d9e709
SSDEEP

12288:y2/TdQOo5CKAGqMJIBKGUuR8PALJj28/VSVjMkbdMY02C+HLzqE:yo5MJ/GhRrLJj28NSVjjbA2hf

Score

10^/10

adwind discovery trojan

Malware Config

Targets

- Target
  
  669a95f4fb366c02950b52b86f5d906dc150bca3fa710453a49eddef3471a333.jar
- Size
  
  622KB
- MD5
  
  efd645a5c1c5a8ebfee8f1cb2a139920
- SHA1
  
  58e80fdbabec6c26ba09d7c34ee075b0be6017c2
- SHA256
  
  669a95f4fb366c02950b52b86f5d906dc150bca3fa710453a49eddef3471a333
- SHA512
  
  c886dd8b5a8de9ea791c62e3caaf439387f051214b58085e5037e3eec59a17ee0225f31c12c0737a1b721c98d314dcbfc935ef683e89391f1cbc3d4770d9e709
- SSDEEP
  
  12288:y2/TdQOo5CKAGqMJIBKGUuR8PALJj28/VSVjMkbdMY02C+HLzqE:yo5MJ/GhRrLJj28NSVjjbA2hf
Score

10^/10

adwind trojan discovery
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2