adwind | f968744cb42b0bd4a968a80d6cff0220982fac34c7814d66426f58ee03cef4a6 | Triage

Sharing

General

Target

f2b44eb9aabd2b1af418dfd5ed71bb1f_JaffaCakes118
Size

743KB
Sample

240923-vcm95sxbjh
MD5

f2b44eb9aabd2b1af418dfd5ed71bb1f
SHA1

0475e991663ddd0551416b3df92c048bcd2a1bb1
SHA256

f968744cb42b0bd4a968a80d6cff0220982fac34c7814d66426f58ee03cef4a6
SHA512

31ed1f7548f74cfcad0c225a4188268dd98fbfe4770bd7ee9badd41841242e3b9416c3a20452869d18f39cbb7e0d6a87771ff9ed0e72b4b81a84e6856349ab33
SSDEEP

12288:oGkpBfAv6MZ+04vDweFv2MI9YfyE348RTnyia/lnwj825p5Yis:oGEAvj+X1l4YfyEIWTneta8sc

Score

10^/10

adwind persistence trojan

Malware Config

Targets

- Target
  
  f2b44eb9aabd2b1af418dfd5ed71bb1f_JaffaCakes118
- Size
  
  743KB
- MD5
  
  f2b44eb9aabd2b1af418dfd5ed71bb1f
- SHA1
  
  0475e991663ddd0551416b3df92c048bcd2a1bb1
- SHA256
  
  f968744cb42b0bd4a968a80d6cff0220982fac34c7814d66426f58ee03cef4a6
- SHA512
  
  31ed1f7548f74cfcad0c225a4188268dd98fbfe4770bd7ee9badd41841242e3b9416c3a20452869d18f39cbb7e0d6a87771ff9ed0e72b4b81a84e6856349ab33
- SSDEEP
  
  12288:oGkpBfAv6MZ+04vDweFv2MI9YfyE348RTnyia/lnwj825p5Yis:oGEAvj+X1l4YfyEIWTneta8sc
Score

10^/10

adwind persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwindpersistencetrojan