adwind | b2a92dabe8bd592faadeefd96cdd24635479fbe6a18cab90a53a62b866196b0d | Triage

Sharing

General

Target

b2a92dabe8bd592faadeefd96cdd24635479fbe6a18cab90a53a62b866196b0d
Size

639KB
Sample

250213-fw57qstqdz
MD5

017e07d47950811f039a0510b435f5de
SHA1

ac7d9d5856f68f4b6c20dc14c2e8192fde436b97
SHA256

b2a92dabe8bd592faadeefd96cdd24635479fbe6a18cab90a53a62b866196b0d
SHA512

2870e5adc543ad3fc30a6cc19b73c63cc1356e7c6c49128e0f4edc356f06e81945a84e6ac398d68221f43a1b3f490f838a4af9a86fc322da5bee3430c16e01d6
SSDEEP

12288:Kfz5QV/Ljd4XB4NRYxUvgi/vRr+RXwNaj+g+1WR9k3wug2B0Sa5Dg/:KfFQFN4x4PjvgixGSajHA1wutBHa5Dg/

Score

10^/10

adwind discovery persistence

Malware Config

Targets

- Target
  
  b2a92dabe8bd592faadeefd96cdd24635479fbe6a18cab90a53a62b866196b0d
- Size
  
  639KB
- MD5
  
  017e07d47950811f039a0510b435f5de
- SHA1
  
  ac7d9d5856f68f4b6c20dc14c2e8192fde436b97
- SHA256
  
  b2a92dabe8bd592faadeefd96cdd24635479fbe6a18cab90a53a62b866196b0d
- SHA512
  
  2870e5adc543ad3fc30a6cc19b73c63cc1356e7c6c49128e0f4edc356f06e81945a84e6ac398d68221f43a1b3f490f838a4af9a86fc322da5bee3430c16e01d6
- SSDEEP
  
  12288:Kfz5QV/Ljd4XB4NRYxUvgi/vRr+RXwNaj+g+1WR9k3wug2B0Sa5Dg/:KfFQFN4x4PjvgixGSajHA1wutBHa5Dg/
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence