adwind | 4f8baee9204a638e3bf728e40413c90f590ad0a22a36f0f18567f0f2f4d00b1f | Triage

Sharing

General

Target

ezzzzzzzzz.jar
Size

639KB
Sample

250301-yx6trs1sex
MD5

f3ef5139dfd32e404dd189ff7e249889
SHA1

b4829866b435268c24b4d7be2d08514b110c31f5
SHA256

4f8baee9204a638e3bf728e40413c90f590ad0a22a36f0f18567f0f2f4d00b1f
SHA512

11e37be79df7d9a7c3a13585ea97fe4a7424e13395dc6132ed6b80f05a8f6e4098c8e32be872ae3a3de79576099d81bdc2b6cd96c7b15b5c126ab28ac98a9e97
SSDEEP

12288:n/F0QW/uUu5oT4XIM4nrgU/JRT+9CeN25Tg4FCR893uuE2BsSJDD4P:n/WQaa5k4YrrgUbqz250WvuuZBvJDD4P

Score

10^/10

adwind discovery persistence

Malware Config

Targets

- Target
  
  ezzzzzzzzz.jar
- Size
  
  639KB
- MD5
  
  f3ef5139dfd32e404dd189ff7e249889
- SHA1
  
  b4829866b435268c24b4d7be2d08514b110c31f5
- SHA256
  
  4f8baee9204a638e3bf728e40413c90f590ad0a22a36f0f18567f0f2f4d00b1f
- SHA512
  
  11e37be79df7d9a7c3a13585ea97fe4a7424e13395dc6132ed6b80f05a8f6e4098c8e32be872ae3a3de79576099d81bdc2b6cd96c7b15b5c126ab28ac98a9e97
- SSDEEP
  
  12288:n/F0QW/uUu5oT4XIM4nrgU/JRT+9CeN25Tg4FCR893uuE2BsSJDD4P:n/WQaa5k4YrrgUbqz250WvuuZBvJDD4P
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence