adwind | 1917afa516fb79da36ded6047e9cd7cc7413211acc55cf8fcef3c33f30e8f466 | Triage

Sharing

General

Target

Sorillus-Launcher v6.1.jar
Size

639KB
Sample

240309-2ps5gsdd8w
MD5

1372568356c7e3bda26552a536a320a0
SHA1

b6961dcfc1ba550274a3a51093eed8f2f99b8d3c
SHA256

1917afa516fb79da36ded6047e9cd7cc7413211acc55cf8fcef3c33f30e8f466
SHA512

0f15424913e30d36914b5855c7556502abb49168b6c72df760fdee83e16f1a7615a0739cdcc1a16715644bacbd238d08dc3e925ab852e03de4638d1398af297e
SSDEEP

12288:7nV4Qa/qICp8D4bY4wH/gI/dRP+9amNWJPgIhKRMt3quE2dkSdTD4q:7nGQO6p04Mn/gIn2vWJICfquZd3dTD4q

Score

10^/10

adwind discovery persistence

Malware Config

Targets

- Target
  
  Sorillus-Launcher v6.1.jar
- Size
  
  639KB
- MD5
  
  1372568356c7e3bda26552a536a320a0
- SHA1
  
  b6961dcfc1ba550274a3a51093eed8f2f99b8d3c
- SHA256
  
  1917afa516fb79da36ded6047e9cd7cc7413211acc55cf8fcef3c33f30e8f466
- SHA512
  
  0f15424913e30d36914b5855c7556502abb49168b6c72df760fdee83e16f1a7615a0739cdcc1a16715644bacbd238d08dc3e925ab852e03de4638d1398af297e
- SSDEEP
  
  12288:7nV4Qa/qICp8D4bY4wH/gI/dRP+9amNWJPgIhKRMt3quE2dkSdTD4q:7nGQO6p04Mn/gIn2vWJICfquZd3dTD4q
Score

7^/10

discovery persistence
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence