adwind | 5f43bf3d7c1b25b0e1fa9fe34ca476728a042338bf5348fa92354db68bb43a81 | Triage

Sharing

General

Target

test.jar
Size

653KB
Sample

250323-shbr7avsbx
MD5

9d04910d2605437baa1f4225b0c61e93
SHA1

014f9ebd504edb8c0860567b1f0a2b4d9b2e87a1
SHA256

5f43bf3d7c1b25b0e1fa9fe34ca476728a042338bf5348fa92354db68bb43a81
SHA512

1540969005ecb4e7c34bae3bf40577016e4a2bbe850b3843de6f5a434b04d1511c49727e06457b9da62d712697f5f087d42213b4fb1dff3fffb58b7ae45a221f
SSDEEP

12288:KbDVQF/HHxAXx4xNIh4bgK/HR7+p3kNW3OgyNKRRQ3cuA2NYS+NDks:KbRQ1xAh4z7bgKZ2GW33MJcuNNj+NDks

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  test.jar
- Size
  
  653KB
- MD5
  
  9d04910d2605437baa1f4225b0c61e93
- SHA1
  
  014f9ebd504edb8c0860567b1f0a2b4d9b2e87a1
- SHA256
  
  5f43bf3d7c1b25b0e1fa9fe34ca476728a042338bf5348fa92354db68bb43a81
- SHA512
  
  1540969005ecb4e7c34bae3bf40577016e4a2bbe850b3843de6f5a434b04d1511c49727e06457b9da62d712697f5f087d42213b4fb1dff3fffb58b7ae45a221f
- SSDEEP
  
  12288:KbDVQF/HHxAXx4xNIh4bgK/HR7+p3kNW3OgyNKRRQ3cuA2NYS+NDks:KbRQ1xAh4z7bgKZ2GW33MJcuNNj+NDks
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1