General

  • Target

    807819f7956f7fbba3658da32d5e5602_JaffaCakes118

  • Size

    622KB

  • Sample

    241030-2n2egatqbl

  • MD5

    807819f7956f7fbba3658da32d5e5602

  • SHA1

    91e9e45c72124f48d3ba34ce2c90dab4e096aad1

  • SHA256

    dbcf74e52508f0ebf8a84b5e95349514f30ce643ac79e1bd827d4c8477083d7a

  • SHA512

    d1e5c74837f4a974ae812d2dd4d1d552f8493abb7b4b0e11109b75641bc67175912c5887fd6b32c4f9adccc12e755f7a114ae45b0e89911a64622178eb106655

  • SSDEEP

    12288:8QLF7xOCx4ZzN+ai7vTmrgIksfKSaGglkFLOaUlPMzOd3yoK5CbagITvOWs:80xf4c70wl8aaQUzOhLJbJI5s

Targets

    • Target

      Scan11102018.vbs

    • Size

      916KB

    • MD5

      750d4be2d04c335d251bb9368fa713ed

    • SHA1

      5bb3036934318982b7b389b2a3d632f285b18191

    • SHA256

      e722942a60f12c0a82fd06a89c9dd38b90bb4a070613d34be5734b1a1771a07b

    • SHA512

      1585c1b08034ed6505c5fe177ccee3c779a755d9ba6a229ce36cca0486a3935482da6100a71f6262ff0a484e224045e1323dc492670c8d0bdc7a4cb9646c6098

    • SSDEEP

      12288:KsQdDrJ0y2TandOiS0rlg0VfqDBf9A3w3/odUluYHGxzboHZvYN8eADe3wUl2tSX:KFDt0nQd593yVX7lu6WfPNeTztSTR0G

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Adwind family

    • Class file contains resources related to AdWind

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
