adwind | 551fb2790678efef59de74ea3fa9b3e9e3f04b098404eeab2a4073dfd017e859 | Triage

Sharing

General

Target

ORDER_245230978.pdf.js
Size

8KB
Sample

240523-hxy6xsha72
MD5

86819791755b6bd761eee6ab198d1154
SHA1

a7351e1632407cfdba9e2a33efe70e0d12c5b4e0
SHA256

551fb2790678efef59de74ea3fa9b3e9e3f04b098404eeab2a4073dfd017e859
SHA512

5d5a058bcdefa702ddf81da8bc50696fbb989dc31f2db43a704229c7177ea2a2ea64944db2d6d6d6541eaebfcc9fff4130642f375417129999503d02ba4f0ca3
SSDEEP

192:EpIjKSLOyYtuvJ5Lv8jKS2bBAaWEEu8jKSosMQMjjGMRo3JnObUJOjKSmpJ7L:IsO4j0P

Score

10^/10

adwind discovery execution persistence trojan

Malware Config

Targets

- Target
  
  ORDER_245230978.pdf.js
- Size
  
  8KB
- MD5
  
  86819791755b6bd761eee6ab198d1154
- SHA1
  
  a7351e1632407cfdba9e2a33efe70e0d12c5b4e0
- SHA256
  
  551fb2790678efef59de74ea3fa9b3e9e3f04b098404eeab2a4073dfd017e859
- SHA512
  
  5d5a058bcdefa702ddf81da8bc50696fbb989dc31f2db43a704229c7177ea2a2ea64944db2d6d6d6541eaebfcc9fff4130642f375417129999503d02ba4f0ca3
- SSDEEP
  
  192:EpIjKSLOyYtuvJ5Lv8jKS2bBAaWEEu8jKSosMQMjjGMRo3JnObUJOjKSmpJ7L:IsO4j0P
Score

10^/10

adwind execution persistence trojan discovery
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Class file contains resources related to AdWind
- Detect jar appended to MSI
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Subvert Trust Controls

Install Root Certificate

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwindexecutionpersistencetrojan

behavioral2

adwinddiscoveryexecutionpersistencetrojan