adwind | 0d63158ad92fa2bdedd465302a18e8f8f910efae6eb6686a1c846c2a9cc9cae4 | Triage

Sharing

General

Target

idk bro.jar
Size

639KB
Sample

250224-c9lhpszns7
MD5

77500cdad67aa74ceda0e7b5673ebc86
SHA1

9112360da806440e3dd0812e7235cd83e5d5da9a
SHA256

0d63158ad92fa2bdedd465302a18e8f8f910efae6eb6686a1c846c2a9cc9cae4
SHA512

fb233bc220cf5e1b0ef80db1c5df5abf1f80adf584d684dd9552e6420f9d3aad0a3e7b1ac716357e0d560048ede5b3cd15211d4e0b7f1b0ce85aeb19cac0cd87
SSDEEP

12288:ZH5eQw/8m4zCv4bG0mh3go/NRj+BMWNS9xgohuRi73Wuc2FMSbzDwN:ZHwQ8kz24i33goX+5S9OCnWuhFPbzDwN

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  idk bro.jar
- Size
  
  639KB
- MD5
  
  77500cdad67aa74ceda0e7b5673ebc86
- SHA1
  
  9112360da806440e3dd0812e7235cd83e5d5da9a
- SHA256
  
  0d63158ad92fa2bdedd465302a18e8f8f910efae6eb6686a1c846c2a9cc9cae4
- SHA512
  
  fb233bc220cf5e1b0ef80db1c5df5abf1f80adf584d684dd9552e6420f9d3aad0a3e7b1ac716357e0d560048ede5b3cd15211d4e0b7f1b0ce85aeb19cac0cd87
- SSDEEP
  
  12288:ZH5eQw/8m4zCv4bG0mh3go/NRj+BMWNS9xgohuRi73Wuc2FMSbzDwN:ZHwQ8kz24i33goX+5S9OCnWuhFPbzDwN
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1