Overview

overview

10

Static

static

1

Important_PDF.jar

windows7-x64

10

Important_PDF.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    02b881d84be4f8ff29971a8f519ee392_JaffaCakes118

  • Size

    462KB

  • Sample

    240427-jab9baee2s

  • MD5

    02b881d84be4f8ff29971a8f519ee392

  • SHA1

    f5d159bbbdefca7cb75899e74bdda23f83375e51

  • SHA256

    8f11bebc108656e52a948c2f8beb14387a8b536338954b32798a2437602af655

  • SHA512

    f491666e60b8e5df815391d22219a9d86ebc5ac6d000ff3cd2d010a41439e92519c30b8ba99f956f8f450235d46da3c1292683876d33a30b5692fd6fd26acb43

  • SSDEEP

    6144:4rvitrpm/VIa2QjZHBdkiFWkOKUDG09Pbo53kY3Jq3COtzgqNWkwIOl8bxcKngtA:vtrw/82CK0dk5KyOpQkOWxHg72

Score
10/10
adwinddiscoverypersistencetrojan

Malware Config

Targets

    • Target

      Important_PDF.jar

    • Size

      462KB

    • MD5

      b175787b273673e1f7f19e0a9da5b40f

    • SHA1

      130e711ab3e7675e9eee833a6c78143e5ddaca6b

    • SHA256

      e87ef88c193ffb4dbf56c43e79c1b3f043bbeead4324ad519da64ce0cae8988b

    • SHA512

      c612b38ab4fcebaa2ba5e1ba290220cdcaad62dd8f3aa6804e646fbb40f7f234bcdbafc480702b77cf761990ebc39412d3a0ee5ac8755d49bafa83b23cb8b20a

    • SSDEEP

      6144:Qrhi7rpA/VImkajNDBd0ilWkKKU1s0BPRkF32Yz7q3GOtzyqNSkUIOlmbxmKngta:j7r+/Is2+0BeFiWOpqk6oxBz

    Score
    10/10
    adwindpersistencetrojandiscovery

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

      trojanadwind

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

File and Directory Permissions Modification

1
T1222

Modify Registry

2
T1112

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks