adwind | da64ce75fb68dfbdfada3a2b220156711c662b89fcbfedcc9ac9a84fe40a3d53 | Triage

Sharing

General

Target

ZeloClient.jar
Size

639KB
Sample

241020-mkx6batcmf
MD5

225f0dcf98252d2fee4b06ad0273880b
SHA1

93c0fb717375656ac79b85a6c5d1d2d01f5bd3ce
SHA256

da64ce75fb68dfbdfada3a2b220156711c662b89fcbfedcc9ac9a84fe40a3d53
SHA512

7b74d43ab18550794004fc8dc0ae21e8e37487ec0b108a9053b77d40c1f027379da568efab54a91b1a889c33ddd20e0e154a6d47faa0f3fc573bc49d6da0e2c7
SSDEEP

12288:GDrRQp/LzVkzp4h5IFcLgK/PRL+hzEN23SgSNCRVM3suY2VIS6dDcK:GDdQpdk94PzLgKRWq23zExsuVVT6dDcK

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  ZeloClient.jar
- Size
  
  639KB
- MD5
  
  225f0dcf98252d2fee4b06ad0273880b
- SHA1
  
  93c0fb717375656ac79b85a6c5d1d2d01f5bd3ce
- SHA256
  
  da64ce75fb68dfbdfada3a2b220156711c662b89fcbfedcc9ac9a84fe40a3d53
- SHA512
  
  7b74d43ab18550794004fc8dc0ae21e8e37487ec0b108a9053b77d40c1f027379da568efab54a91b1a889c33ddd20e0e154a6d47faa0f3fc573bc49d6da0e2c7
- SSDEEP
  
  12288:GDrRQp/LzVkzp4h5IFcLgK/PRL+hzEN23SgSNCRVM3suY2VIS6dDcK:GDdQpdk94PzLgKRWq23zExsuVVT6dDcK
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2