adwind | fdb45f94820270f233ed3eb3bf555d4b75e8fc84f2874341ad1554d268e0ec89 | Triage

Sharing

General

Target

e21c6429f2641e42efeef781eeddd0e5_JaffaCakes118
Size

241KB
Sample

241211-sycpesylfw
MD5

e21c6429f2641e42efeef781eeddd0e5
SHA1

ce30487fad17c843dbd98ecef37b2b85d788d684
SHA256

fdb45f94820270f233ed3eb3bf555d4b75e8fc84f2874341ad1554d268e0ec89
SHA512

a082ed462a3416a24f5d987849be5ab6731558189f8da0b9e4fab928f1134c24773de27aa153eb811f341d656aded21815e8a4be7b5bbb1dedb24f44e96cb3d5
SSDEEP

6144:s3Z8jWTGhiQxlBXJNhNojYvYSlYfpG/iJWGpMqfGfhGlb5s0T:qcWTZWZnroj3GqJ3Zf3Z

Score

10^/10

adwind persistence trojan

Malware Config

Targets

- Target
  
  e21c6429f2641e42efeef781eeddd0e5_JaffaCakes118
- Size
  
  241KB
- MD5
  
  e21c6429f2641e42efeef781eeddd0e5
- SHA1
  
  ce30487fad17c843dbd98ecef37b2b85d788d684
- SHA256
  
  fdb45f94820270f233ed3eb3bf555d4b75e8fc84f2874341ad1554d268e0ec89
- SHA512
  
  a082ed462a3416a24f5d987849be5ab6731558189f8da0b9e4fab928f1134c24773de27aa153eb811f341d656aded21815e8a4be7b5bbb1dedb24f44e96cb3d5
- SSDEEP
  
  6144:s3Z8jWTGhiQxlBXJNhNojYvYSlYfpG/iJWGpMqfGfhGlb5s0T:qcWTZWZnroj3GqJ3Zf3Z
Score

10^/10

adwind persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Adwind family
  adwind
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwindpersistencetrojan

behavioral2

adwindpersistencetrojan