adwind | c07457d43328fbff10de5c39e1534788837136e5c7417122ddf44f544ca992cc | Triage

Sharing

General

Target

5edf5cdedfe9e5ba1dad25f093d9975f_JaffaCakes118
Size

473KB
Sample

241019-1t79jatbpk
MD5

5edf5cdedfe9e5ba1dad25f093d9975f
SHA1

121de430b12b137040627d5d71caabbc38228d3c
SHA256

c07457d43328fbff10de5c39e1534788837136e5c7417122ddf44f544ca992cc
SHA512

7dc1f621d5d111a0ff992f25d5a668540bfa8039c2e3b95be609f0d437d145c804854052508d536a45e835bc8c7b0c6ae92b4e81c1833c3cfbe6accb712cfe08
SSDEEP

12288:pRYtOykyGA2XIV5pxogQNUhIK/0c2qnAL:pRY3kFfXUsS7B2qnc

Score

10^/10

adwind persistence trojan

Malware Config

Targets

- Target
  
  5edf5cdedfe9e5ba1dad25f093d9975f_JaffaCakes118
- Size
  
  473KB
- MD5
  
  5edf5cdedfe9e5ba1dad25f093d9975f
- SHA1
  
  121de430b12b137040627d5d71caabbc38228d3c
- SHA256
  
  c07457d43328fbff10de5c39e1534788837136e5c7417122ddf44f544ca992cc
- SHA512
  
  7dc1f621d5d111a0ff992f25d5a668540bfa8039c2e3b95be609f0d437d145c804854052508d536a45e835bc8c7b0c6ae92b4e81c1833c3cfbe6accb712cfe08
- SSDEEP
  
  12288:pRYtOykyGA2XIV5pxogQNUhIK/0c2qnAL:pRY3kFfXUsS7B2qnc
Score

10^/10

adwind persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwindpersistencetrojan

behavioral2

adwindpersistencetrojan