adwind | 739d2d19e79d073f9e1d1489c145879cff44c2c91e5d691d53ccc8599ac8a467 | Triage

Sharing

General

Target

Zelo-Client.jar
Size

639KB
Sample

241020-2sxl3svdja
MD5

8bac893810be1acf6b083f16363a73cf
SHA1

d291c9dc85d7df6f1222d8bcaf5bb10e2578fa56
SHA256

739d2d19e79d073f9e1d1489c145879cff44c2c91e5d691d53ccc8599ac8a467
SHA512

e9dcb3dcd6924b61c67af33e88d59bc9d6b2e626234eb09aa18463e09622670d1d220024e9a504b44de23ca88bb426f295968e8d7dd644f49128c8ca7ed4d629
SSDEEP

12288:hTVSQY/o6EXir4XWAaZXgY/dR3+ZgGN29BgQViRqT3iuE2FQS/LDsj:hTIQUkXK4GTXgYHaF29+GXiuZFr/LDsj

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  Zelo-Client.jar
- Size
  
  639KB
- MD5
  
  8bac893810be1acf6b083f16363a73cf
- SHA1
  
  d291c9dc85d7df6f1222d8bcaf5bb10e2578fa56
- SHA256
  
  739d2d19e79d073f9e1d1489c145879cff44c2c91e5d691d53ccc8599ac8a467
- SHA512
  
  e9dcb3dcd6924b61c67af33e88d59bc9d6b2e626234eb09aa18463e09622670d1d220024e9a504b44de23ca88bb426f295968e8d7dd644f49128c8ca7ed4d629
- SSDEEP
  
  12288:hTVSQY/o6EXir4XWAaZXgY/dR3+ZgGN29BgQViRqT3iuE2FQS/LDsj:hTIQUkXK4GTXgYHaF29+GXiuZFr/LDsj
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1