adwind | 8c0166df3b6e2049ffe880e1b58a0e80c45fe38c90427454037fc1e7c97baf8d | Triage

Sharing

General

Target

Extension.jar
Size

3.7MB
Sample

240925-wk51lascmf
MD5

27c5c0b9a8b222bb5a4e00e2f68854fb
SHA1

9b3289d041a8f27645f11e31f78aea5db29f2731
SHA256

8c0166df3b6e2049ffe880e1b58a0e80c45fe38c90427454037fc1e7c97baf8d
SHA512

24a43eebb58694d9a161b7f99fab93738c0a20fd8d4d7ccc2df8cb05563ba17d909f0a12097db1f5655bbba12743e0a1711d91aefe0a9ccf466aa9af25aed72a
SSDEEP

98304:IQ/BoHF0EB6zSymw/HmR7xSQ1kUG3y9e2ORKPD2Gv:F/BeF0jB/G9D1c4eXKZ

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  Extension.jar
- Size
  
  3.7MB
- MD5
  
  27c5c0b9a8b222bb5a4e00e2f68854fb
- SHA1
  
  9b3289d041a8f27645f11e31f78aea5db29f2731
- SHA256
  
  8c0166df3b6e2049ffe880e1b58a0e80c45fe38c90427454037fc1e7c97baf8d
- SHA512
  
  24a43eebb58694d9a161b7f99fab93738c0a20fd8d4d7ccc2df8cb05563ba17d909f0a12097db1f5655bbba12743e0a1711d91aefe0a9ccf466aa9af25aed72a
- SSDEEP
  
  98304:IQ/BoHF0EB6zSymw/HmR7xSQ1kUG3y9e2ORKPD2Gv:F/BeF0jB/G9D1c4eXKZ
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1