adwind | aa95c0aa1fa6efb5123d150ce2cf9eae860cf15391b21560fd79088a84fbcd99 | Triage

Sharing

General

Target

54e8fbf0609b77a33c5b9d939fc19d15_JaffaCakes118
Size

535KB
Sample

240518-qk4jwadd63
MD5

54e8fbf0609b77a33c5b9d939fc19d15
SHA1

60043193630412e9b006e6d4a5334375ffe871ed
SHA256

aa95c0aa1fa6efb5123d150ce2cf9eae860cf15391b21560fd79088a84fbcd99
SHA512

1e9382482d4adadaa27870095756d348c035c046a6ae8b6a4c59ba037ce2fa4af4493fe150d54f39be5239eee2e4db5a287538faffc864c9b68ff07e0255e5bc
SSDEEP

12288:Qru1rDT5oxTPErT8ApZh+cTClRqcLdjKJO9xNiVwPYVYZ6CV9:1axbKDZhzClRXKc/iJs

Score

10^/10

adwind latentbot discovery evasion persistence trojan

Malware Config

Extracted

Family

latentbot

C2

ebukaalilonu.zapto.org

Targets

- Target
  
  54e8fbf0609b77a33c5b9d939fc19d15_JaffaCakes118
- Size
  
  535KB
- MD5
  
  54e8fbf0609b77a33c5b9d939fc19d15
- SHA1
  
  60043193630412e9b006e6d4a5334375ffe871ed
- SHA256
  
  aa95c0aa1fa6efb5123d150ce2cf9eae860cf15391b21560fd79088a84fbcd99
- SHA512
  
  1e9382482d4adadaa27870095756d348c035c046a6ae8b6a4c59ba037ce2fa4af4493fe150d54f39be5239eee2e4db5a287538faffc864c9b68ff07e0255e5bc
- SSDEEP
  
  12288:Qru1rDT5oxTPErT8ApZh+cTClRqcLdjKJO9xNiVwPYVYZ6CV9:1axbKDZhzClRXKc/iJs
Score

10^/10

adwind latentbot discovery evasion persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

adwindlatentbotdiscoveryevasionpersistencetrojan