adwind | f7f3898f438251a9f5b3f673eeea7cbbf67e038d1a569226167613cd98a2cfb6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

QuasarSetup.jar
Size

2.5MB
Sample

240906-xgcejssgkd
MD5

a9c67848d7724678aca0a07d9e8240c8
SHA1

47ef05187c8d03e972cf2fa96b5f0fe56e0126af
SHA256

f7f3898f438251a9f5b3f673eeea7cbbf67e038d1a569226167613cd98a2cfb6
SHA512

6300902ecb5c10c1410e8f24620c073a3ceb25588c59f6512c643945d7b59512e31cf82737941f5d2d6a8763a9647238a1db02ef1186be702f886352a4dde539
SSDEEP

49152:VoQkUvyHs+ouau7nZAnkhHB/v2Q+Iu38KgzwgUrVVfsjrtWjl8QKHAnF:Vpk/s+20nZAnknvSMvsx3fsvtWD

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  QuasarSetup.jar
- Size
  
  2.5MB
- MD5
  
  a9c67848d7724678aca0a07d9e8240c8
- SHA1
  
  47ef05187c8d03e972cf2fa96b5f0fe56e0126af
- SHA256
  
  f7f3898f438251a9f5b3f673eeea7cbbf67e038d1a569226167613cd98a2cfb6
- SHA512
  
  6300902ecb5c10c1410e8f24620c073a3ceb25588c59f6512c643945d7b59512e31cf82737941f5d2d6a8763a9647238a1db02ef1186be702f886352a4dde539
- SSDEEP
  
  49152:VoQkUvyHs+ouau7nZAnkhHB/v2Q+Iu38KgzwgUrVVfsjrtWjl8QKHAnF:Vpk/s+20nZAnknvSMvsx3fsvtWD
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2