adwind | c76ce6ece9ab0793d6179c60ffdcf524a9a2f27fbc5036113879a346dd5e7af3 | Triage

Sharing

General

Target

GalaxyFix.jar
Size

1.9MB
Sample

241228-ctqsgsvjcp
MD5

f93ce57178efa82666f4cd3c3f1ff3a1
SHA1

cd51691cbd2bb8fd5eb4f712f4850b0dd6cc939b
SHA256

c76ce6ece9ab0793d6179c60ffdcf524a9a2f27fbc5036113879a346dd5e7af3
SHA512

4c336520edd1839071d782a7a67896b46af6c81df6ebdd9ed9ec739966d03365a3d15f117e84dcfc35fb47620220f33e54f8f72db7cd33c7d536fc901559ef82
SSDEEP

49152:xHpM+V0BeAzbJnJHaMfFC8zq/rBTnry/ONTKQ4:xHpMve6bJ7fI8zqTRnW/GJ4

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  GalaxyFix.jar
- Size
  
  1.9MB
- MD5
  
  f93ce57178efa82666f4cd3c3f1ff3a1
- SHA1
  
  cd51691cbd2bb8fd5eb4f712f4850b0dd6cc939b
- SHA256
  
  c76ce6ece9ab0793d6179c60ffdcf524a9a2f27fbc5036113879a346dd5e7af3
- SHA512
  
  4c336520edd1839071d782a7a67896b46af6c81df6ebdd9ed9ec739966d03365a3d15f117e84dcfc35fb47620220f33e54f8f72db7cd33c7d536fc901559ef82
- SSDEEP
  
  49152:xHpM+V0BeAzbJnJHaMfFC8zq/rBTnry/ONTKQ4:xHpMve6bJ7fI8zqTRnW/GJ4
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2