Overview

overview

10

Static

static

1

ORDER_2452...pdf.js

windows7-x64

10

ORDER_2452...pdf.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ORDER_245230978.pdf.js

  • Size

    8KB

  • Sample

    240523-hxy6xsha72

  • MD5

    86819791755b6bd761eee6ab198d1154

  • SHA1

    a7351e1632407cfdba9e2a33efe70e0d12c5b4e0

  • SHA256

    551fb2790678efef59de74ea3fa9b3e9e3f04b098404eeab2a4073dfd017e859

  • SHA512

    5d5a058bcdefa702ddf81da8bc50696fbb989dc31f2db43a704229c7177ea2a2ea64944db2d6d6d6541eaebfcc9fff4130642f375417129999503d02ba4f0ca3

  • SSDEEP

    192:EpIjKSLOyYtuvJ5Lv8jKS2bBAaWEEu8jKSosMQMjjGMRo3JnObUJOjKSmpJ7L:IsO4j0P

Score
10/10
adwinddiscoveryexecutionpersistencetrojan

Malware Config

Targets

    • Target

      ORDER_245230978.pdf.js

    • Size

      8KB

    • MD5

      86819791755b6bd761eee6ab198d1154

    • SHA1

      a7351e1632407cfdba9e2a33efe70e0d12c5b4e0

    • SHA256

      551fb2790678efef59de74ea3fa9b3e9e3f04b098404eeab2a4073dfd017e859

    • SHA512

      5d5a058bcdefa702ddf81da8bc50696fbb989dc31f2db43a704229c7177ea2a2ea64944db2d6d6d6541eaebfcc9fff4130642f375417129999503d02ba4f0ca3

    • SSDEEP

      192:EpIjKSLOyYtuvJ5Lv8jKS2bBAaWEEu8jKSosMQMjjGMRo3JnObUJOjKSmpJ7L:IsO4j0P

    Score
    10/10
    adwindexecutionpersistencetrojandiscovery

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

      trojanadwind

    • Class file contains resources related to AdWind

    • Detect jar appended to MSI

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks