adwind | f77617921c5fb6f8114eca9fe330b8d2bfc3a99c4f581f3f9a8282a31d528aeb | Triage

Submit
Reports

Overview

overview

Static

static

NewOrder -...97.jar

windows7-x64

1

NewOrder -...97.jar

windows10-2004-x64

Sharing

General

Target

NewOrder - P2D041197.jar
Size

628KB
Sample

240417-fnjzjaec89
MD5

bc34f4e23dca52ed6425b46a3dcf5e95
SHA1

e82affa4fea489146e3deb803efdb561a394073f
SHA256

f77617921c5fb6f8114eca9fe330b8d2bfc3a99c4f581f3f9a8282a31d528aeb
SHA512

2f3a171e9ada6f10b4ed182f5fdb4ec7086f99def55db52f2663980eff2009048b6a240f30c7c9e3ba518b4075c79bc77faa5e613e590f823abc1e613385123a
SSDEEP

12288:Cz396wbsskjH0PljDlBPfPSlU5XhBFDYU1SkzuiSn/BIu9:s39bssOUP1l9fPScXhfg3z

Score

10^/10

adwind discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

NewOrder - P2D041197.jar

Resource

win7-20240319-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

NewOrder - P2D041197.jar

Resource

win10v2004-20240412-en

adwind discovery trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  NewOrder - P2D041197.jar
- Size
  
  628KB
- MD5
  
  bc34f4e23dca52ed6425b46a3dcf5e95
- SHA1
  
  e82affa4fea489146e3deb803efdb561a394073f
- SHA256
  
  f77617921c5fb6f8114eca9fe330b8d2bfc3a99c4f581f3f9a8282a31d528aeb
- SHA512
  
  2f3a171e9ada6f10b4ed182f5fdb4ec7086f99def55db52f2663980eff2009048b6a240f30c7c9e3ba518b4075c79bc77faa5e613e590f823abc1e613385123a
- SSDEEP
  
  12288:Cz396wbsskjH0PljDlBPfPSlU5XhBFDYU1SkzuiSn/BIu9:s39bssOUP1l9fPScXhfg3z
Score

10^/10

adwind discovery trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

adwinddiscoverytrojan

© 2018-2024

Terms | Privacy