adwind | 22e8bfcaea188e87e23bd4828feccbf835bd371190174fd6514dab23ad39a7e8 | Triage

Sharing

General

Target

roblox-installer.jar
Size

1.8MB
Sample

250107-b9x13aykct
MD5

b4a891ea3811b35e83660512e89e6147
SHA1

a6858bdf3d1440a2b31a631cfb6202e29035f133
SHA256

22e8bfcaea188e87e23bd4828feccbf835bd371190174fd6514dab23ad39a7e8
SHA512

12f461f8521647807f9aa31419892d8dd05044d74ade1475c1cc83f504c6a37133177d88c9571a48e7169687295d44ee233321d96f493cc744811d6f17cc1155
SSDEEP

49152:zSQSuJs1UV9AuuTIuV/X2avJW9M7efBwxg+te1:zjSbUVJkIuV/XVW5Q3ty

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  roblox-installer.jar
- Size
  
  1.8MB
- MD5
  
  b4a891ea3811b35e83660512e89e6147
- SHA1
  
  a6858bdf3d1440a2b31a631cfb6202e29035f133
- SHA256
  
  22e8bfcaea188e87e23bd4828feccbf835bd371190174fd6514dab23ad39a7e8
- SHA512
  
  12f461f8521647807f9aa31419892d8dd05044d74ade1475c1cc83f504c6a37133177d88c9571a48e7169687295d44ee233321d96f493cc744811d6f17cc1155
- SSDEEP
  
  49152:zSQSuJs1UV9AuuTIuV/X2avJW9M7efBwxg+te1:zjSbUVJkIuV/XVW5Q3ty
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2