adwind | 012d2fcae6942de8aa569557c3b95ba0434f66e7ae2bfe35b0a800d3e99a4cfc | Triage

Sharing

General

Target

expensive crack.zip
Size

6.8MB
Sample

241115-z2vsqssekq
MD5

ba38a6d34c3e2674b6160ae8d1c1a2d4
SHA1

0e851ec1602e1fb80083a8d20b6b6aba225a9d04
SHA256

012d2fcae6942de8aa569557c3b95ba0434f66e7ae2bfe35b0a800d3e99a4cfc
SHA512

684e89bde6fe0da9a4b58911fba3e8a7c3653dff7915f8d9382265b5ec6976909a218d516aa669196f289664f5236b23f13bbe4d9ef5fb31430799303d41460e
SSDEEP

196608:dXE4PwPjhDcjIAXsDvI/9fNipnptqvRYj8mgJriQ+C:pENjyR/9lbRC8rm6

Score

10^/10

adwind persistence trojan

Malware Config

Targets

- Target
  
  expensive crack.zip
- Size
  
  6.8MB
- MD5
  
  ba38a6d34c3e2674b6160ae8d1c1a2d4
- SHA1
  
  0e851ec1602e1fb80083a8d20b6b6aba225a9d04
- SHA256
  
  012d2fcae6942de8aa569557c3b95ba0434f66e7ae2bfe35b0a800d3e99a4cfc
- SHA512
  
  684e89bde6fe0da9a4b58911fba3e8a7c3653dff7915f8d9382265b5ec6976909a218d516aa669196f289664f5236b23f13bbe4d9ef5fb31430799303d41460e
- SSDEEP
  
  196608:dXE4PwPjhDcjIAXsDvI/9fNipnptqvRYj8mgJriQ+C:pENjyR/9lbRC8rm6
Score

10^/10

adwind persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Adwind family
  adwind
- Class file contains resources related to AdWind
- Adds Run key to start application
  persistence
behavioral1 behavioral2 behavioral3
- Target
  
  expensive 3.2 crack/expapasta.jar
- Size
  
  6.9MB
- MD5
  
  0d086bd973376fccd4a544a2413a8669
- SHA1
  
  7e7f37a586c0cc0cf76d9ac89d4aa3accac73b63
- SHA256
  
  56e11160890d361c8175760ac8ad16dc46d8e35dc18caf3d3e64b8fbd83ba6bd
- SHA512
  
  8b8b2eeea1dbc7a1722ed099ac113a50a80ba8b2a260e6a342ce527086bbf2b18d72705a5e9fb0593a1d964ea01c66f246bbfea821aa90dfa85fec3d90d5f1f0
- SSDEEP
  
  196608:3iTZUEs+Mpme9thJzrIPwYF9NB7sDfb06Kveqym:KQpmu1r8zr4gXGqN
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral4 behavioral5 behavioral6
- Target
  
  expensive 3.2 crack/start.cmd
- Size
  
  764B
- MD5
  
  01b8ed92434e95a011e8e8dacba2fd68
- SHA1
  
  d1f538dfbab7a19c792b8325b2e9cbcc3cd9937d
- SHA256
  
  59a12fd47b56fa697512484117f37bd4a69b733c44614c13153e955581eb6799
- SHA512
  
  ce14085421d4902b300370896048a3e901508def1bdd5158a7df286cbc9de32163e3ef67afe416a5879816915ec75badf6604adaf19218b6343467c9391d1f9a
Score

1^/10
behavioral7 behavioral8 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwindpersistencetrojan

behavioral2

adwindpersistencetrojan

behavioral3

adwindpersistencetrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9