Overview

overview

10

Static

static

1

1040.jar

windows7-x64

10

1040.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    63bf60c66573b8ae96df8c573ee93cca_JaffaCakes118

  • Size

    491KB

  • Sample

    240521-smfa6sac2y

  • MD5

    63bf60c66573b8ae96df8c573ee93cca

  • SHA1

    f2202e8ea056d1da6e2a7c6e62c060c6372cfd9d

  • SHA256

    832f7dc68fe005bddcf38b567541262a39bcc038e184625e6fa6faf31190b817

  • SHA512

    b8c4e4c61650ab0107e90fe8e6bcf70d26cfa7790f25136b954894c1ea4bd207d7565c97b83863f9a8ee3cc9946cd580c82b214e779c8488fcc171f6c9c2eb51

  • SSDEEP

    12288:h70BdTxA7lcJmCvD4RCTtBe9/VnOeFukyH:poApxhCTtUnOSE

Score
10/10
adwinddiscoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      1040.jar

    • Size

      491KB

    • MD5

      eb512c565d7a9d44ed61d99005cca2c5

    • SHA1

      2f13111c37858624ee4f09f52a35e88d8e09d972

    • SHA256

      12e8f60b7c23b21cc0d2d1cedb734aa17ecefef65770f34424388aec590cbaae

    • SHA512

      0386d9efebe6e7f408965557705687fc1d12183057ad14535530be789adf60f62bbba779ab2257f1145c02b16a547f10c1120a20ed1bcb437809f692025599ec

    • SSDEEP

      12288:o70BB5xG3FGjwQH9WRuT5n6VBP/aenO0u:MyG1vPuT5C/aGQ

    Score
    10/10
    adwindevasionpersistencetrojandiscovery

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

      trojanadwind

    • Disables use of System Restore points

      evasion

    • Sets file execution options in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

3
T1112

File and Directory Permissions Modification

1
T1222

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

1
T1490

Resource Development

Reconnaissance

Tasks