adwind | 6dfff4c60b32f6e841b1e7cf4ea99831820f4aa2dd81421d7257bdfedcd28365 | Triage

Submit
Reports

Overview

overview

Static

static

Sorillas.jar

windows11-21h2-x64

8

Sharing

General

Target

Sorillas.jar
Size

10.0MB
Sample

250204-ptkyfswmcy
MD5

7e3c3eadd00b0903f1fcc806536cf406
SHA1

efe17275ac9ffc91fb1ce25f579fbfa1f8dc6095
SHA256

6dfff4c60b32f6e841b1e7cf4ea99831820f4aa2dd81421d7257bdfedcd28365
SHA512

9dcd295c96f6beab8fb5af447fa759bbf7ff1154f345affeff1b06e2f205e561cd6eb31db23f3656e751d0892c4b766112684068b43bb4e70a075c1a909a2abc
SSDEEP

196608:ulloD+JyfJIFFM0rT/mpDni/Mcd8qAbPeGmeIWvhAn9QrmE:uHoz0FM02JiEQ/kGdeIWJC9Qrx

Score

10^/10

adwind defense_evasion discovery persistence privilege_escalation

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Sorillas.jar

Resource

win11-20241007-en

defense_evasion discovery persistence privilege_escalation

windows11-21h2-x64

19 signatures

900 seconds

Malware Config

Targets

- Target
  
  Sorillas.jar
- Size
  
  10.0MB
- MD5
  
  7e3c3eadd00b0903f1fcc806536cf406
- SHA1
  
  efe17275ac9ffc91fb1ce25f579fbfa1f8dc6095
- SHA256
  
  6dfff4c60b32f6e841b1e7cf4ea99831820f4aa2dd81421d7257bdfedcd28365
- SHA512
  
  9dcd295c96f6beab8fb5af447fa759bbf7ff1154f345affeff1b06e2f205e561cd6eb31db23f3656e751d0892c4b766112684068b43bb4e70a075c1a909a2abc
- SSDEEP
  
  196608:ulloD+JyfJIFFM0rT/mpDni/Mcd8qAbPeGmeIWvhAn9QrmE:uHoz0FM02JiEQ/kGdeIWJC9Qrx
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy