adwind | 4a93b3a41c77cb9cbaf1500097e33c1456ff5fa52c4a507624f163a35afa4941 | Triage

Sharing

General

Target

ezz.jar
Size

639KB
Sample

250119-whg6razkbp
MD5

ba91eedd55543ec8b18ba8c9dd27886c
SHA1

4d3c0e05342791d000cd689fdc84650ba324ce85
SHA256

4a93b3a41c77cb9cbaf1500097e33c1456ff5fa52c4a507624f163a35afa4941
SHA512

204ada7e600fc7893bfd25be9c08bfa97c6ab5284c2c40e7af1f23a5963c48665bde9f24528bc0952ec6997396fc65fb955efc989a20388c3bfa29e5b9d43e38
SSDEEP

12288:w/3bQ3/J9zed94V74X+fg+/rRr+VZMNmfogeVuRrC3Au0290SMhDMJ:w/rQPjeT4VPfg+FaImfVwlAup9HMhDMJ

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  ezz.jar
- Size
  
  639KB
- MD5
  
  ba91eedd55543ec8b18ba8c9dd27886c
- SHA1
  
  4d3c0e05342791d000cd689fdc84650ba324ce85
- SHA256
  
  4a93b3a41c77cb9cbaf1500097e33c1456ff5fa52c4a507624f163a35afa4941
- SHA512
  
  204ada7e600fc7893bfd25be9c08bfa97c6ab5284c2c40e7af1f23a5963c48665bde9f24528bc0952ec6997396fc65fb955efc989a20388c3bfa29e5b9d43e38
- SSDEEP
  
  12288:w/3bQ3/J9zed94V74X+fg+/rRr+VZMNmfogeVuRrC3Au0290SMhDMJ:w/rQPjeT4VPfg+FaImfVwlAup9HMhDMJ
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1