adwind | e1357b820ed4d8ea00357611271a215e90a43873717f55e49390c8a08502193d | Triage

Sharing

General

Target

robux generator.jar
Size

639KB
Sample

241123-jr73baxpbr
MD5

e3b40be1545bf794b985d480dea75ea9
SHA1

eb756ca1f0884bf930875745e48cacda143dce3c
SHA256

e1357b820ed4d8ea00357611271a215e90a43873717f55e49390c8a08502193d
SHA512

57f3837eb0299cca3c7ec516edfd881fd8f9f42b876290e6ac9e6c2435ebcfd4164e308ca5d5ed2643b26c16f5c7d89846abc0b4264458415bd73872bd7c6592
SSDEEP

12288:ufb1Q5/PvZ0r54d9I94vgq//RT+xDQNSjageFORpI34u42hcS2xDQB:ufxQ5Z0V4LLvgqBOGSjbgV4u1hf2xDQB

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  robux generator.jar
- Size
  
  639KB
- MD5
  
  e3b40be1545bf794b985d480dea75ea9
- SHA1
  
  eb756ca1f0884bf930875745e48cacda143dce3c
- SHA256
  
  e1357b820ed4d8ea00357611271a215e90a43873717f55e49390c8a08502193d
- SHA512
  
  57f3837eb0299cca3c7ec516edfd881fd8f9f42b876290e6ac9e6c2435ebcfd4164e308ca5d5ed2643b26c16f5c7d89846abc0b4264458415bd73872bd7c6592
- SSDEEP
  
  12288:ufb1Q5/PvZ0r54d9I94vgq//RT+xDQNSjageFORpI34u42hcS2xDQB:ufxQ5Z0V4LLvgqBOGSjbgV4u1hf2xDQB
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2