adwind | e4aceb65bb314136befc7c6f13fecf58ef110a001d6adbcc3b89a3cb323a6f0f | Triage

Sharing

General

Target

3e870fc6e63c5d95f35da8d12eed189103a3df2c5d2a8d0b558ad869de492fe4.zip
Size

498KB
Sample

241108-lyxk9ssphp
MD5

edc318758e6d567717e84fd0d4dabbb1
SHA1

8d9ddbc3e57d25a213965f6a928d0c522596933d
SHA256

e4aceb65bb314136befc7c6f13fecf58ef110a001d6adbcc3b89a3cb323a6f0f
SHA512

182c11b8f507d5d9175e2e2105bf9acb216688b719acb550ed7a7f1f5b1c9bb64723f27cb697c21467eefe571fc3711fa6ed97909e45ee860f63cc16b89664e9
SSDEEP

12288:K6M1RHCx3dbk2wVpvI46gaxquPSMev6XMqfBD0R3:C3HCrg3HaxlP3MsMq5D05

Score

10^/10

adwind evasion persistence trojan

Malware Config

Targets

- Target
  
  3e870fc6e63c5d95f35da8d12eed189103a3df2c5d2a8d0b558ad869de492fe4
- Size
  
  498KB
- MD5
  
  e23b5a6eae2511dfa22d76eabbadaa0a
- SHA1
  
  09c5ddaf9d32b98dd513b3e2b2cec0a981c3586a
- SHA256
  
  3e870fc6e63c5d95f35da8d12eed189103a3df2c5d2a8d0b558ad869de492fe4
- SHA512
  
  cd02902080483ac231404908858c13569e920f7d17a775948b98d7558de317dc2fc75aff96106b9e7f5e4373fd151575bb542be3163247fb66f985ec156282f5
- SSDEEP
  
  12288:+6yZTHXwr19MLwAoJVkfpOcBGYEoFNUK8rN:+6AHAr19MMAoJVkfpbZFSLrN
Score

10^/10

adwind evasion persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Adwind family
  adwind
- Disables use of System Restore points
  evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

adwindevasionpersistencetrojan

behavioral2

adwindevasionpersistencetrojan