adwind | f43ea2f9dcb6d967aa18a4459f9090a4a8315266fd947cf9bb54ba70911cbf79 | Triage

Resubmissions

07/01/2025, 02:02

250107-cgdx6aymgw 10

07/01/2025, 01:57

250107-cdp61sylgs 10

Sharing

General

Target

fornite-installer.jar
Size

9.8MB
Sample

250107-cgdx6aymgw
MD5

c40fb879e84a0ce48402c0f716c8627c
SHA1

03947ac1604329e3aec61ec72ffbf3cb96674f95
SHA256

f43ea2f9dcb6d967aa18a4459f9090a4a8315266fd947cf9bb54ba70911cbf79
SHA512

7ac75ece3fc025e9f551b43769ac72b573f6674b1a9c57142ba3cf5fbff10dca46ee80a23f7a7a6a5de211b6fe5294760636b6537c4d36ebf81fa9363a83f4f5
SSDEEP

196608:LG79YgrKPhPu8UHa7jNY9c9jfAPmpJLNLhVn+oeHbF3JY9znSBA8zk:qchP3pjeih/LNgoGFZYVSW8Y

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  fornite-installer.jar
- Size
  
  9.8MB
- MD5
  
  c40fb879e84a0ce48402c0f716c8627c
- SHA1
  
  03947ac1604329e3aec61ec72ffbf3cb96674f95
- SHA256
  
  f43ea2f9dcb6d967aa18a4459f9090a4a8315266fd947cf9bb54ba70911cbf79
- SHA512
  
  7ac75ece3fc025e9f551b43769ac72b573f6674b1a9c57142ba3cf5fbff10dca46ee80a23f7a7a6a5de211b6fe5294760636b6537c4d36ebf81fa9363a83f4f5
- SSDEEP
  
  196608:LG79YgrKPhPu8UHa7jNY9c9jfAPmpJLNLhVn+oeHbF3JY9znSBA8zk:qchP3pjeih/LNgoGFZYVSW8Y
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2