adwind | d27227df279ee367d08b79398b90a46bdbf9adbb432a10329f51f08e47167af5 | Triage

Sharing

General

Target

doc.jar
Size

486KB
Sample

240923-zxqm8azgnm
MD5

31535b46978c20c839b36256b0db5535
SHA1

922eede7cbbd8dc497c2ed98acf415c12e909c41
SHA256

d27227df279ee367d08b79398b90a46bdbf9adbb432a10329f51f08e47167af5
SHA512

c1ffb95f6a948729ac68ebc4f3db6b4c175bb1201297412f0410ad623630af12d95296fda82c457fa7ed710aeb5c105b3334e668302e03f5c1d9e3fe27f565ce
SSDEEP

6144:mbSOIWFSKd4idROQWykkWWlfw/frdiI5pxUb7gvY8ulmcCV/hIl0/0c2qna3PJ7v:aIvKdYcgP/DP5pxogQNUhIK/0c2qnM

Score

10^/10

adwind persistence trojan

Malware Config

Targets

- Target
  
  doc.jar
- Size
  
  486KB
- MD5
  
  31535b46978c20c839b36256b0db5535
- SHA1
  
  922eede7cbbd8dc497c2ed98acf415c12e909c41
- SHA256
  
  d27227df279ee367d08b79398b90a46bdbf9adbb432a10329f51f08e47167af5
- SHA512
  
  c1ffb95f6a948729ac68ebc4f3db6b4c175bb1201297412f0410ad623630af12d95296fda82c457fa7ed710aeb5c105b3334e668302e03f5c1d9e3fe27f565ce
- SSDEEP
  
  6144:mbSOIWFSKd4idROQWykkWWlfw/frdiI5pxUb7gvY8ulmcCV/hIl0/0c2qna3PJ7v:aIvKdYcgP/DP5pxogQNUhIK/0c2qnM
Score

10^/10

adwind persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwindpersistencetrojan