adwind | 405187b1885d7cb5af1e8f6c2f3fd8bfaadcc4378c9916812658048a4bcb2ed8 | Triage

Sharing

General

Target

MeteorClient.jar
Size

639KB
Sample

250118-zngzqavnbl
MD5

6bd6e83c90434ab23b582484305c8330
SHA1

0102bd04ae3e21d84fb46a42420b4d721a113db7
SHA256

405187b1885d7cb5af1e8f6c2f3fd8bfaadcc4378c9916812658048a4bcb2ed8
SHA512

28c99d44102b2bc4b58a75a7d2e8e49c506fc1838d83ca28ae673201a7846ba0aee2d035b949e5cce5280497ecc5149389bcd1e18919a85288b11da07e35b4ac
SSDEEP

12288:jjJsQq/OkWZkX4zcI4LbgM/xRX+NyuNKJHgA5GR4x3yu02xASR7Dsv:jjSQemZk44fbgMz+jKJAKXyupxbR7Dsv

Score

10^/10

adwind discovery persistence

Malware Config

Targets

- Target
  
  MeteorClient.jar
- Size
  
  639KB
- MD5
  
  6bd6e83c90434ab23b582484305c8330
- SHA1
  
  0102bd04ae3e21d84fb46a42420b4d721a113db7
- SHA256
  
  405187b1885d7cb5af1e8f6c2f3fd8bfaadcc4378c9916812658048a4bcb2ed8
- SHA512
  
  28c99d44102b2bc4b58a75a7d2e8e49c506fc1838d83ca28ae673201a7846ba0aee2d035b949e5cce5280497ecc5149389bcd1e18919a85288b11da07e35b4ac
- SSDEEP
  
  12288:jjJsQq/OkWZkX4zcI4LbgM/xRX+NyuNKJHgA5GR4x3yu02xASR7Dsv:jjSQemZk44fbgMz+jKJAKXyupxbR7Dsv
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence