adwind | e343f7e2f66dee72a235c395fe7ede19ce75a3bcc20b069441e39e719b37acf2 | Triage

Sharing

General

Target

f87a14aa18ac68aa3833d699a15e75ac_JaffaCakes118
Size

500KB
Sample

241216-lzxmnawpel
MD5

f87a14aa18ac68aa3833d699a15e75ac
SHA1

20429902b24fab889a812cba8bf9cb09707ffe9a
SHA256

e343f7e2f66dee72a235c395fe7ede19ce75a3bcc20b069441e39e719b37acf2
SHA512

d1997a89d0710905b36d9a6fb7c743386d963f23f7cbb50c47d70c69e17085f325a1e776d9f458c8262fbb8b2a87b1a96e3090271dbd64fd74a02cb6f64ff61c
SSDEEP

12288:HmRs9gRhHvVggZD4hGb5pxogQNUhIK/0c2qnAV:HmR/9xZDaKsS7B2qnK

Score

10^/10

adwind discovery persistence trojan

Malware Config

Targets

- Target
  
  f87a14aa18ac68aa3833d699a15e75ac_JaffaCakes118
- Size
  
  500KB
- MD5
  
  f87a14aa18ac68aa3833d699a15e75ac
- SHA1
  
  20429902b24fab889a812cba8bf9cb09707ffe9a
- SHA256
  
  e343f7e2f66dee72a235c395fe7ede19ce75a3bcc20b069441e39e719b37acf2
- SHA512
  
  d1997a89d0710905b36d9a6fb7c743386d963f23f7cbb50c47d70c69e17085f325a1e776d9f458c8262fbb8b2a87b1a96e3090271dbd64fd74a02cb6f64ff61c
- SSDEEP
  
  12288:HmRs9gRhHvVggZD4hGb5pxogQNUhIK/0c2qnAV:HmR/9xZDaKsS7B2qnK
Score

10^/10

adwind discovery persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Adwind family
  adwind
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwinddiscoverypersistencetrojan

behavioral2

adwinddiscoverypersistencetrojan