Overview

overview

10

Static

static

1

79245dbb19...1d.jar

windows7-x64

10

79245dbb19...1d.jar

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    79245dbb19e445f38be57c9f04cf0e3c35dc33b686d06460ed25298f1e8a801d.zip

  • Size

    610KB

  • Sample

    241119-2vy8pavfrr

  • MD5

    d168fc3b7949f1a00a24a8e6e71ab9cf

  • SHA1

    1493bd89113c25709efbd3404ef5007f2bcd2497

  • SHA256

    7e58ac38c97ddd22502d7c4f3bccfdb9a52094e29779f54799b281a59c5a8766

  • SHA512

    78b0423e9f649443297d58d154256199b9695f21e07a1eb3c88a617448351ce2a75c770b5078fed47263875b8ca10ce94cd705af38da8d1b2da9b7b318c1e88e

  • SSDEEP

    12288:JcamyOQyaog4Y7c3V4RNDKFTH8cWUJSVUXea6:JcByOQvou7cqRNDKFoUJSVUX4

Score
10/10
adwindexecutionpersistencetrojan

Malware Config

Targets

    • Target

      79245dbb19e445f38be57c9f04cf0e3c35dc33b686d06460ed25298f1e8a801d.zip

    • Size

      610KB

    • MD5

      dbdcc9103658ef01345a9eed3b9f870e

    • SHA1

      04c89ca023b41b21d10c2ae17a312f448ed98103

    • SHA256

      79245dbb19e445f38be57c9f04cf0e3c35dc33b686d06460ed25298f1e8a801d

    • SHA512

      9b28517953e49f250ccada8db67f9004b3e9ec833a2caf1d108ed5ac811fe4584da4d6e6217a34949c1ad80f7df41466177a93854791dc4ce290b0fee3ca87a8

    • SSDEEP

      12288:f5su2iASXmWQTYG/LRRIf4bqYJA1nQ0cKgj0/5Ovtx5Oq:mlwQ0OvnGnQ0cKgj0/5Olx5Oq

    Score
    10/10
    adwindexecutionpersistencetrojan

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

      trojanadwind

    • Adwind family

      adwind

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks