adwind | b09142c0a565599fa55709ecca76b9ee01ff64620c2955f47a810a119b4c6404 | Triage

Sharing

General

Target

eeeeeeeeee.jar
Size

639KB
Sample

250220-m1wmestmdq
MD5

4499732515e46f3b8a8a2ffbb1fab5b9
SHA1

9ffb1e1f35d3e3e0ade19625f7a1cf70c2869411
SHA256

b09142c0a565599fa55709ecca76b9ee01ff64620c2955f47a810a119b4c6404
SHA512

b16a9e05cd78a431fbe07856252eabe1c4895b8fccac60a52caa0842faa021e58f4c911d30bdf97c9052b8beedab76cea4d89d0f773a57d7e1f033600dd28b90
SSDEEP

12288:pLxeQE/MGEDCn4LSUKZXgo/dRj+BAmNWphgUFORqD3iuQ2xISLHDQB:pL0QgADa4O3XgoHWRWpeKDiu9xTLHDQB

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  eeeeeeeeee.jar
- Size
  
  639KB
- MD5
  
  4499732515e46f3b8a8a2ffbb1fab5b9
- SHA1
  
  9ffb1e1f35d3e3e0ade19625f7a1cf70c2869411
- SHA256
  
  b09142c0a565599fa55709ecca76b9ee01ff64620c2955f47a810a119b4c6404
- SHA512
  
  b16a9e05cd78a431fbe07856252eabe1c4895b8fccac60a52caa0842faa021e58f4c911d30bdf97c9052b8beedab76cea4d89d0f773a57d7e1f033600dd28b90
- SSDEEP
  
  12288:pLxeQE/MGEDCn4LSUKZXgo/dRj+BAmNWphgUFORqD3iuQ2xISLHDQB:pL0QgADa4O3XgoHWRWpeKDiu9xTLHDQB
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2