General

  • Target

    DemonicRat.exe

  • Size

    92.2MB

  • Sample

    250212-vytdaa1lh1

  • MD5

    a14eceecde0122a246d1fa026f8bd7b7

  • SHA1

    ab10f646cd84da146bff2a7b2659515d4ea6e45a

  • SHA256

    2ad1440758ab2ea7297a288ed1b018444054dbc82f67a7fe9e888151cd19f25c

  • SHA512

    d489205ff29c0506b198d684a443825399ddf7383d5fc026acad579e98852ac1c3772c31d50993c0546502fb9ce413fdc807bee8beeadcc9fd514b39e6b1229b

  • SSDEEP

    49152:2hpWTHXw/twZXyD8GAVVBWpJ87xTrJZIJ87xTRW0I4anWY9BW9twZXyD8GAVVBWE:

Targets

    • Target

      DemonicRat.exe

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

    • Adwind family

    • Class file contains resources related to AdWind

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
