adwind | 237ef7673a0f6438a7d52f1a127e0cca1a7665f27d8fd3f80258d6a3718a948f | Triage

Sharing

General

Target

sevkanigger.zip
Size

6.8MB
Sample

241115-z4ybmswlgl
MD5

2f747823c6da001537a5aeef505de22f
SHA1

5a31fad8218da1944df6fd0749e4be5d3133455c
SHA256

237ef7673a0f6438a7d52f1a127e0cca1a7665f27d8fd3f80258d6a3718a948f
SHA512

7236d02c2412c56e1640b6deb7d01e6415d0c6ae95c765eb5c870fd2f6cb86cdf3cc1a8e84819a877c12077c6da819b01a97ceaa8b58c2a6351cc68c2db1b713
SSDEEP

196608:dXE4P3cMAiTVAFYS2+uVcr4tRkmJCfwm1cVXCDsB:pEtMAGCuWFmJCfwQco+

Score

10^/10

adwind persistence trojan

Malware Config

Targets

- Target
  
  sevkanigger.zip
- Size
  
  6.8MB
- MD5
  
  2f747823c6da001537a5aeef505de22f
- SHA1
  
  5a31fad8218da1944df6fd0749e4be5d3133455c
- SHA256
  
  237ef7673a0f6438a7d52f1a127e0cca1a7665f27d8fd3f80258d6a3718a948f
- SHA512
  
  7236d02c2412c56e1640b6deb7d01e6415d0c6ae95c765eb5c870fd2f6cb86cdf3cc1a8e84819a877c12077c6da819b01a97ceaa8b58c2a6351cc68c2db1b713
- SSDEEP
  
  196608:dXE4P3cMAiTVAFYS2+uVcr4tRkmJCfwm1cVXCDsB:pEtMAGCuWFmJCfwQco+
Score

10^/10

adwind persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Adwind family
  adwind
- Class file contains resources related to AdWind
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  expensive 3.2 crack/expapasta.jar
- Size
  
  6.9MB
- MD5
  
  adc85420c269bf5e808f6f703611d57c
- SHA1
  
  6b899a737504a4568bd7cd4f7dc5fef7a039958f
- SHA256
  
  fba508fae28635f44b9933b276e85e2618f7d05dc7fef1282ff49af32d454a02
- SHA512
  
  739b900f29da1c2503781048240f7c73367390a2a55fb2e5be204291c7db941a27f65c77ed8c67b0e5c68e2e35e046a8a51ad3f12a46ff72aaa17887c7408fa9
- SSDEEP
  
  196608:L8vPGUx/vEetq03f1pMs162T5Dgpk3XO9crux6Z:6ZEeQMp34y2uUNxu
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral2
- Target
  
  expensive 3.2 crack/start.cmd
- Size
  
  764B
- MD5
  
  01b8ed92434e95a011e8e8dacba2fd68
- SHA1
  
  d1f538dfbab7a19c792b8325b2e9cbcc3cd9937d
- SHA256
  
  59a12fd47b56fa697512484117f37bd4a69b733c44614c13153e955581eb6799
- SHA512
  
  ce14085421d4902b300370896048a3e901508def1bdd5158a7df286cbc9de32163e3ef67afe416a5879816915ec75badf6604adaf19218b6343467c9391d1f9a
Score

1^/10
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwindpersistencetrojan

behavioral2

behavioral3