adwind | 671f8df8166a221bc6797327c2ef6710d41ff6dc2c57fb918521fcf05582e7be | Triage

Sharing

General

Target

monks_mods.jar
Size

639KB
Sample

240411-1sgp7ahf2t
MD5

43e7939ed7b494b6264cc78de489d13c
SHA1

6b2ad36d0ff46c0c3dc3d598a21468216c1e79f8
SHA256

671f8df8166a221bc6797327c2ef6710d41ff6dc2c57fb918521fcf05582e7be
SHA512

0e9a4faec200b6bd2a202f2a5496f456db0924f422f7c0ce5c3c3ad57fd4726a99ffd134fbe9b41f1bc26fc26f1ffb4ee5c660aefa80d856680e28c9264c00dd
SSDEEP

12288:rbJUQC/ekGhk/4DUoozjgM/BRX+N6mNKpXggB+RY53yuM2JQS57Dkr:rbqQGehE44XjgMjGrKpwKnyuxJr57Dkr

Score

10^/10

adwind discovery persistence

Malware Config

Targets

- Target
  
  monks_mods.jar
- Size
  
  639KB
- MD5
  
  43e7939ed7b494b6264cc78de489d13c
- SHA1
  
  6b2ad36d0ff46c0c3dc3d598a21468216c1e79f8
- SHA256
  
  671f8df8166a221bc6797327c2ef6710d41ff6dc2c57fb918521fcf05582e7be
- SHA512
  
  0e9a4faec200b6bd2a202f2a5496f456db0924f422f7c0ce5c3c3ad57fd4726a99ffd134fbe9b41f1bc26fc26f1ffb4ee5c660aefa80d856680e28c9264c00dd
- SSDEEP
  
  12288:rbJUQC/ekGhk/4DUoozjgM/BRX+N6mNKpXggB+RY53yuM2JQS57Dkr:rbqQGehE44XjgMjGrKpwKnyuxJr57Dkr
Score

7^/10

discovery persistence
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoverypersistence