Overview

overview

10

Static

static

10

5743f28c07...18.jar

windows7-x64

10

5743f28c07...18.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5743f28c07c9883b607f3fc713f6441a_JaffaCakes118

  • Size

    478KB

  • Sample

    240518-2w3mhach27

  • MD5

    5743f28c07c9883b607f3fc713f6441a

  • SHA1

    d9e11fa656705483b5ad6cce79f7c0253a32e101

  • SHA256

    e8da125fac8c4ef0afcd0fcbb2bd0466c55413fa5472bbbfc0e18cace6bc1ee7

  • SHA512

    35e079ff1d0db8ded983625e0b57e59db30113f62c7229440d5c8ba0c6ee06379d46175e78f7afee6edc82554ffb933d8e79de1f37b1dd1f77e1e088c6a1a160

  • SSDEEP

    6144:PLla1UnpvcFT8A3Zhc7AqI27rxQsiI5pxUb7gvY8ulmcCV/hIl0/0c2qna3PJ7p/:TcUP8+7BO65pxogQNUhIK/0c2qnAz

Score
10/10
adwinddiscoverypersistencetrojan

Malware Config

Targets

    • Target

      5743f28c07c9883b607f3fc713f6441a_JaffaCakes118

    • Size

      478KB

    • MD5

      5743f28c07c9883b607f3fc713f6441a

    • SHA1

      d9e11fa656705483b5ad6cce79f7c0253a32e101

    • SHA256

      e8da125fac8c4ef0afcd0fcbb2bd0466c55413fa5472bbbfc0e18cace6bc1ee7

    • SHA512

      35e079ff1d0db8ded983625e0b57e59db30113f62c7229440d5c8ba0c6ee06379d46175e78f7afee6edc82554ffb933d8e79de1f37b1dd1f77e1e088c6a1a160

    • SSDEEP

      6144:PLla1UnpvcFT8A3Zhc7AqI27rxQsiI5pxUb7gvY8ulmcCV/hIl0/0c2qna3PJ7p/:TcUP8+7BO65pxogQNUhIK/0c2qnAz

    Score
    10/10
    adwindpersistencetrojandiscovery

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

      trojanadwind

    • Sets file execution options in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks