adwind | 8cb3d4d7a6db2b9b0fe196be229acab7806959aebb6833f7a07711e6106485ba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aadcef3f65e8b931a7dad5f7b18f86f391a355691a4a2ba0f74901e93ee4be26.zip
Size

517KB
Sample

241108-lrvhbszgqh
MD5

bfcd93ce092e6429101bdcb73a48bae0
SHA1

65c826d7c252caab8fe3cd914b565739fdc3d2f7
SHA256

8cb3d4d7a6db2b9b0fe196be229acab7806959aebb6833f7a07711e6106485ba
SHA512

4aa54807a2c966ee794536b6e88b61683de086a2f115ce55c1b8c11b0d612c67d36dfcac0f611ba37c5ccdf00e98e9bd021e717a73f66d1c4d3157d548c3cb55
SSDEEP

12288:+iJh1LwyT1Jh2e73RMOgGWL+29nvLg07gcZC6oYFDl:+09wWNlMXvL37Jl

Score

10^/10

adwind persistence trojan

Malware Config

Targets

- Target
  
  aadcef3f65e8b931a7dad5f7b18f86f391a355691a4a2ba0f74901e93ee4be26
- Size
  
  538KB
- MD5
  
  a40813efca9067e4eab33ad05afc13b6
- SHA1
  
  63e56f22421457984a0df15480efb85fb44e0d06
- SHA256
  
  aadcef3f65e8b931a7dad5f7b18f86f391a355691a4a2ba0f74901e93ee4be26
- SHA512
  
  2679bca34e2c8c42e34b7bbb327f2d5e0dadb2231fe711a2aeca100e23b4c44b2dee0aa78914ba1abcbf9b9ea21820cb513d68187e1cc83ca6408f289b0dbaf5
- SSDEEP
  
  12288:sBcBk8d4xqem5B9Gi/cC24wROFNaXRB2ruB4l2VjKnefm3:mcBk+6qB5bGkcOwAOBB2ruB4g1KneO3
Score

10^/10

adwind persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Adwind family
  adwind
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwindpersistencetrojan

behavioral2

adwindpersistencetrojan