adwind | 6be54de0e7a127fa32cec773401fc04c39718a2e401ab80358452fea5b5cd879 | Triage

Sharing

General

Target

beca1664f56af9e52b4d45a9290f58d5_JaffaCakes118
Size

508KB
Sample

240824-rs2wpavamb
MD5

beca1664f56af9e52b4d45a9290f58d5
SHA1

cb02568f6f515d3f00d520467198ee56b211a023
SHA256

6be54de0e7a127fa32cec773401fc04c39718a2e401ab80358452fea5b5cd879
SHA512

ce4a9b8b29491edbe64aaf98b7b9837804bedeac3b1f3334dfe245da2e03d464014ecb7d733190edd340656e4620ca3daf62713c9c746559e2e464fd3688f358
SSDEEP

12288:e9pxkTi34icf4tlZbYyHYsQmoX+B4YRjdBitgIv5:e9px6sJbYyzRE+B4yjOtgQ

Score

10^/10

adwind persistence trojan

Malware Config

Targets

- Target
  
  beca1664f56af9e52b4d45a9290f58d5_JaffaCakes118
- Size
  
  508KB
- MD5
  
  beca1664f56af9e52b4d45a9290f58d5
- SHA1
  
  cb02568f6f515d3f00d520467198ee56b211a023
- SHA256
  
  6be54de0e7a127fa32cec773401fc04c39718a2e401ab80358452fea5b5cd879
- SHA512
  
  ce4a9b8b29491edbe64aaf98b7b9837804bedeac3b1f3334dfe245da2e03d464014ecb7d733190edd340656e4620ca3daf62713c9c746559e2e464fd3688f358
- SSDEEP
  
  12288:e9pxkTi34icf4tlZbYyHYsQmoX+B4YRjdBitgIv5:e9px6sJbYyzRE+B4yjOtgQ
Score

10^/10

adwind persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwindpersistencetrojan