adwind | def26eff69c14a0d4e02b23e19956a0020290100c4c13a7dcec1f33a3b39ccbe | Triage

Sharing

General

Target

robux.jar
Size

11.7MB
Sample

241123-jcweza1max
MD5

4ac4a7e055d8124aa3e86b0fbf7f4c96
SHA1

38094b0c571b491f4dedf181561d5e50e4d3ca30
SHA256

def26eff69c14a0d4e02b23e19956a0020290100c4c13a7dcec1f33a3b39ccbe
SHA512

014a4815759642b0e93ea980b4fe721cce343f4e4dbb99666740af7ac8d166ff7562d14567a8d13224a09d76ecf3147e18a031c163a13f87d2b04bd3c25ed846
SSDEEP

196608:74vLKMnNjMwJh4/SnSUpSsjiIhA9q7QQz5sG6ERvPb8K8Hd6NkvKiEoqrsmIg:S5MwJyNUIyN7tq2Rb8PHEaCE1mIg

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  robux.jar
- Size
  
  11.7MB
- MD5
  
  4ac4a7e055d8124aa3e86b0fbf7f4c96
- SHA1
  
  38094b0c571b491f4dedf181561d5e50e4d3ca30
- SHA256
  
  def26eff69c14a0d4e02b23e19956a0020290100c4c13a7dcec1f33a3b39ccbe
- SHA512
  
  014a4815759642b0e93ea980b4fe721cce343f4e4dbb99666740af7ac8d166ff7562d14567a8d13224a09d76ecf3147e18a031c163a13f87d2b04bd3c25ed846
- SSDEEP
  
  196608:74vLKMnNjMwJh4/SnSUpSsjiIhA9q7QQz5sG6ERvPb8K8Hd6NkvKiEoqrsmIg:S5MwJyNUIyN7tq2Rb8PHEaCE1mIg
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2