adwind | d1f3d635c6a0312d121bf3db81d3e4c3b17e2f51de1a671a4f38c05106ecaa8d | Triage

Sharing

General

Target

182d3442a3dc5bf74a94ae07031d1c2b_JaffaCakes118
Size

505KB
Sample

240505-r69tfsdb3v
MD5

182d3442a3dc5bf74a94ae07031d1c2b
SHA1

7ae9cb619e75916419453e54ec45d8a899d3f040
SHA256

d1f3d635c6a0312d121bf3db81d3e4c3b17e2f51de1a671a4f38c05106ecaa8d
SHA512

ac32145a7c75e91b17bce8c2606eac3bcf38e90719271834841d43b673cbc5e6908e9ce64e7c450d5e229387c4ae5ed684c8e270be92853a7603f801aded88ec
SSDEEP

12288:u/YrsF3KJpXOgbEfl37wIt8RSEDVwpuSRTcHRJUkTvLCe:u/YrDSE+l3MMpgm0QAHRJ1h

Score

10^/10

adwind discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  ALTA_Settlement_Statement.jar
- Size
  
  520KB
- MD5
  
  4c99a48a48b433fd2cae8bedf9ac8a4b
- SHA1
  
  c3376603b694cf4a0c6728f3f14e9788d7031aa2
- SHA256
  
  9c7c9b7ed9afb6563f7064c2dcc2e760f149a6e42a79bb8aeb5bf51d1c983644
- SHA512
  
  b6e8b49359b9d106a79f9f56bbd25f3bf11c87fa1a4cd677834b8316500c51363bf0e7c370cbce06f67c9a9dac945f505770576415fbe0369c7a434c65a11304
- SSDEEP
  
  12288:XpYve6J3EJpX2g1C35RaxKMCIgfVwduSRfcjR1ysTvly:XpYveJiwm5H/TmgQ0jR1dM
Score

10^/10

adwind discovery evasion persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

adwinddiscoveryevasionpersistencetrojan