adwind | b818d2d4e3c879d076efd2f9a1c30bdb412c354245d95b31eeba607fce68a7fd | Triage

Sharing

General

Target

79f0ee0dfab6d107dcf4632f559ff3ae_JaffaCakes118
Size

489KB
Sample

240527-v6w45sbg9t
MD5

79f0ee0dfab6d107dcf4632f559ff3ae
SHA1

6c7727e2a2e467234757b71d275794073e77ac31
SHA256

b818d2d4e3c879d076efd2f9a1c30bdb412c354245d95b31eeba607fce68a7fd
SHA512

b71ece005dec547218e5bba8d76352c079d85f920ebf81d365a55b874d3b111b9ef71273723974a9056c0f3c90f430628ffe79d65859c3c6774d2da6a85b7315
SSDEEP

12288:ujUyciIk9XyLLz/cZx1NAKzL0dy8ukE2zhGO:u/cIXsXcZxB30dH7zhGO

Score

10^/10

adwind discovery persistence trojan

Malware Config

Targets

- Target
  
  79f0ee0dfab6d107dcf4632f559ff3ae_JaffaCakes118
- Size
  
  489KB
- MD5
  
  79f0ee0dfab6d107dcf4632f559ff3ae
- SHA1
  
  6c7727e2a2e467234757b71d275794073e77ac31
- SHA256
  
  b818d2d4e3c879d076efd2f9a1c30bdb412c354245d95b31eeba607fce68a7fd
- SHA512
  
  b71ece005dec547218e5bba8d76352c079d85f920ebf81d365a55b874d3b111b9ef71273723974a9056c0f3c90f430628ffe79d65859c3c6774d2da6a85b7315
- SSDEEP
  
  12288:ujUyciIk9XyLLz/cZx1NAKzL0dy8ukE2zhGO:u/cIXsXcZxB30dH7zhGO
Score

10^/10

adwind persistence trojan discovery
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwindpersistencetrojan

behavioral2

adwinddiscoverypersistencetrojan