General
Target: muauah.bat
Size: 1.1MB
Sample: 241020-wja4tstdrq
MD5: 94cc6e771b56847356601c55584f834f
SHA1: 2da874abb3a6992b86ec82ad6b6fc592f86079e6
SHA256: 59002b993e3d16c596e1090a564623d21171fa8aac71f3d61c4ccd11bd60db75
SHA512: 96157638b6a41267e83b93aaa0083d8dd548b2c62054f5d5a7139d4de189483022fdb55effede71f1288e6420ca5a812d50c4fb710f80b923132fe2f1e4e08e0
SSDEEP: 24576:N2Ijc+wFpcVR471mHracm9vAW3nE0FIug7UdbD6w:NiomwGB9RxWhIt9
Static task: static1
Behavioral task: behavioral1
Sample: muauah.bat
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: muauah.bat
Resource: win10v2004-20241007-en
Malware Config
Targets
-
-
Target
muauah.bat
-
Class file contains resources related to AdWind
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Adds Run key to start application
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 1
Obfuscated Files or Information: 1
Command Obfuscation: 1