General
-
Target
Sorillus V6.2 updated.zip
-
Size
224.0MB
-
Sample
241215-k1sjna1nek
-
MD5
93c78d45339f83c36c9da8e79d3f1665
-
SHA1
507de0bdffff3a316e0156fa14e514bf788da446
-
SHA256
862d9420d4773e4bf8f106e01398a351ff6837a2d02457b48120cd0bb631f162
-
SHA512
277fca01af54a970f043c1aeb7b10fd0c79aed776b14ac9a706b683372d9adf158cc45cdf1a5d3dfa8faaf5357dcf239e197db2564af460734414d39dbd2318f
-
SSDEEP
786432:KB7pso5UjVIrcv6c1BsaWWrXzdYCrYVcbGR53UMrwBSlomS5nr5v6sIcI47Tj+2M:KdAacvHBsaT3dp2x3UdiTx/Irg0cwfO/
Malware Config
Targets
-
-
Target
Sorillus V6.2 updated.zip
-
Size
224.0MB
-
MD5
93c78d45339f83c36c9da8e79d3f1665
-
SHA1
507de0bdffff3a316e0156fa14e514bf788da446
-
SHA256
862d9420d4773e4bf8f106e01398a351ff6837a2d02457b48120cd0bb631f162
-
SHA512
277fca01af54a970f043c1aeb7b10fd0c79aed776b14ac9a706b683372d9adf158cc45cdf1a5d3dfa8faaf5357dcf239e197db2564af460734414d39dbd2318f
-
SSDEEP
786432:KB7pso5UjVIrcv6c1BsaWWrXzdYCrYVcbGR53UMrwBSlomS5nr5v6sIcI47Tj+2M:KdAacvHBsaT3dp2x3UdiTx/Irg0cwfO/
Score10/10-
AdWind
A Java-based RAT family operated as malware-as-a-service.
-
Adwind family
-
Class file contains resources related to AdWind
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
1