adwind | 1e8d94d04b2d21fe062345f4f2eb5bd6896f420e1a98c17eaf0105236ae52b67 | Triage

Submit
Reports

Overview

overview

Static

static

RAT NIGGA.jar

windows10-ltsc 2021-x64

RAT NIGGA.jar

windows11-21h2-x64

6

Sharing

General

Target

RAT NIGGA.jar
Size

639KB
Sample

241108-ad953stlak
MD5

eaf4f869a0be0418568b88301e8318e5
SHA1

0f5efc7f8fea65eaa0bca6746ff72eeb4d65bd9e
SHA256

1e8d94d04b2d21fe062345f4f2eb5bd6896f420e1a98c17eaf0105236ae52b67
SHA512

2c746db76c9f9987d85809d7598b9a24558d8a1b1c98e77e0398725258b1611e7227dacd7efa094a8f0bdf9cb16b2aae794c5ddcea3a02f6bb153c4403a99c9a
SSDEEP

12288:YPvPQT/dZzqF149PE/+HgK/nRf+9ZYN2Xgg+1CRja3cuQ2hESQBDI7:YP3QLvqj4lTHgKZms2XtoNcu9hXQBDI7

Score

10^/10

adwind defense_evasion persistence phishing

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

RAT NIGGA.jar

Resource

win10ltsc2021-20241023-en

defense_evasion persistence phishing

windows10-ltsc 2021-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

RAT NIGGA.jar

Resource

win11-20241007-en

windows11-21h2-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  RAT NIGGA.jar
- Size
  
  639KB
- MD5
  
  eaf4f869a0be0418568b88301e8318e5
- SHA1
  
  0f5efc7f8fea65eaa0bca6746ff72eeb4d65bd9e
- SHA256
  
  1e8d94d04b2d21fe062345f4f2eb5bd6896f420e1a98c17eaf0105236ae52b67
- SHA512
  
  2c746db76c9f9987d85809d7598b9a24558d8a1b1c98e77e0398725258b1611e7227dacd7efa094a8f0bdf9cb16b2aae794c5ddcea3a02f6bb153c4403a99c9a
- SSDEEP
  
  12288:YPvPQT/dZzqF149PE/+HgK/nRf+9ZYN2Xgg+1CRja3cuQ2hESQBDI7:YP3QLvqj4lTHgKZms2XtoNcu9hXQBDI7
Score

8^/10

defense_evasion persistence phishing
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: 93263704532955710A490D44@AdobeOrg
  phishing
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionpersistencephishing

behavioral2

© 2018-2025

Terms | Privacy