adwind | e931b680546635cc1c26e6090bc3f2df01a5ccf753171ad205cd4bf3ac337d8f | Triage

Submit
Reports

Overview

overview

Static

static

59ea95bf89...d9.jar

windows7-x64

59ea95bf89...d9.jar

windows10-2004-x64

7

Sharing

General

Target

979ba6af6f6adf0930ab75ecea1b450f.bin
Size

634KB
Sample

240418-b1sd8afd96
MD5

f8ca571dc47094d4242d82dbaf24259a
SHA1

d260de417810f6aaa77ac9a6edca93b9655b1b77
SHA256

e931b680546635cc1c26e6090bc3f2df01a5ccf753171ad205cd4bf3ac337d8f
SHA512

998d10043b14a9801f2af88b6c497230352c85c6551007e345a72092a8fcf742743b873e3e4db667cec8b9187bb7cb739cb1480b72a38b96dec33fa1fd917dca
SSDEEP

12288:rWTHsI3R6M9huK1dqWy8lSBH4bF/ttgR3Kg5oI8SXiSUH437:aB6M5hR0BH4bFE3toR437

Score

10^/10

adwind discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

59ea95bf89900dadb2e085d910bd72f71239a11b01c7f4c5e8feb0aea1a2c1d9.jar

Resource

win7-20240220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

59ea95bf89900dadb2e085d910bd72f71239a11b01c7f4c5e8feb0aea1a2c1d9.jar

Resource

win10v2004-20240412-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  59ea95bf89900dadb2e085d910bd72f71239a11b01c7f4c5e8feb0aea1a2c1d9.jar
- Size
  
  634KB
- MD5
  
  979ba6af6f6adf0930ab75ecea1b450f
- SHA1
  
  1153c96b460ca99ecb21fd4eb3b90919ba827e90
- SHA256
  
  59ea95bf89900dadb2e085d910bd72f71239a11b01c7f4c5e8feb0aea1a2c1d9
- SHA512
  
  fd50d7b463ecd2c76afcf677512f6e789e0ccd44056c90a8b5096c8a1d9c09e7b1da5d0abb98c5018ec23faeb559cd2b674e43f5cfe69fb1846e4cd7e6167818
- SSDEEP
  
  12288:FkQrFVhCTXI38nXLt1+VmnBcN+b/bYBGs4Ty0qZBZUjWzdNkE7LKJU27DG:v/hkYWbtqmnucbFIUjWzdJLKJU27DG
Score

10^/10

adwind trojan discovery
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy