adwind | 4aa9b83f4fc98023cd6d31cdd286d3f3b7edf3074d68a4b095497b57ab3246c1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

s33x.jar
Size

656KB
Sample

240531-n98tsagd91
MD5

380d5aac540de95023fc14a02cb35434
SHA1

84bb09f112af8b24c901d03db1795e56549a6eaf
SHA256

4aa9b83f4fc98023cd6d31cdd286d3f3b7edf3074d68a4b095497b57ab3246c1
SHA512

3b4247d08371bfe102937487592ba3e4e3c85bd90e619b101669eec10345662a33b12b4e9644cc88fc2f547b4969767598f4aaf6f32afb8dbadee0446b05542c
SSDEEP

12288:8vz/Qz/VhP2JB41bEvWTge/zRn+NxQNWzcgix+RTq3ou82ZcSIVDMa:8vbQr72D4J7Tge9mUWzh4ZouBZfIVDMa

Score

10^/10

adwind discovery persistence

Malware Config

Targets

- Target
  
  s33x.jar
- Size
  
  656KB
- MD5
  
  380d5aac540de95023fc14a02cb35434
- SHA1
  
  84bb09f112af8b24c901d03db1795e56549a6eaf
- SHA256
  
  4aa9b83f4fc98023cd6d31cdd286d3f3b7edf3074d68a4b095497b57ab3246c1
- SHA512
  
  3b4247d08371bfe102937487592ba3e4e3c85bd90e619b101669eec10345662a33b12b4e9644cc88fc2f547b4969767598f4aaf6f32afb8dbadee0446b05542c
- SSDEEP
  
  12288:8vz/Qz/VhP2JB41bEvWTge/zRn+NxQNWzcgix+RTq3ou82ZcSIVDMa:8vbQr72D4J7Tge9mUWzh4ZouBZfIVDMa
Score

7^/10

discovery persistence
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence