adwind | 4938e9be5bbd0661cb384124fb97c5ef8c683481e6bfa9192184dd4c32eaf9f6 | Triage

Submit
Reports

Overview

overview

Static

static

ccc9f5a846...20.jar

windows7-x64

ccc9f5a846...20.jar

windows10-2004-x64

Sharing

General

Target

4938e9be5bbd0661cb384124fb97c5ef8c683481e6bfa9192184dd4c32eaf9f6.zip
Size

71KB
Sample

250325-2g79fatwby
MD5

8a773557219f7820c7e632e195ea5146
SHA1

40cbe959c5ff847dc919687d530cac5397aaea3e
SHA256

4938e9be5bbd0661cb384124fb97c5ef8c683481e6bfa9192184dd4c32eaf9f6
SHA512

81505f6589d0d652584397f15495ae78507320ede37ccfba8503129ead5f5819ed9584b017bf975cf4cef2baf65922edb322ef231a9a5322de20987eae4d5834
SSDEEP

1536:f3XvIRXY3OkpkAq/j7MPpPRrtkKvetcpi5BjbXlqPVenyc:ffIRX+Ok/q/j7KpPVtkbvp

Score

10^/10

adwind defense_evasion persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ccc9f5a8463054f7540bb2b7aff55ccf4523c2c50f31a61cfb5c6c703d162d20.jar

Resource

win7-20240903-en

adwind defense_evasion persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ccc9f5a8463054f7540bb2b7aff55ccf4523c2c50f31a61cfb5c6c703d162d20.jar

Resource

win10v2004-20250314-en

adwind defense_evasion persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  ccc9f5a8463054f7540bb2b7aff55ccf4523c2c50f31a61cfb5c6c703d162d20.jar
- Size
  
  71KB
- MD5
  
  838346240204f348e716e6de63fc189b
- SHA1
  
  00a415cd130cd41ca837fd337143dc127a15f4a9
- SHA256
  
  ccc9f5a8463054f7540bb2b7aff55ccf4523c2c50f31a61cfb5c6c703d162d20
- SHA512
  
  f6a67a00baeeff621b7113d6b80de57d7d9b43a638ea80b65eb4ceb63c1e4d4d43cd584464d97afc28f1f77affd381b6a87de6ccc911c59223bd9aaeee055ba7
- SSDEEP
  
  1536:cRk7T0CzBrcurk1uRpMCoEiMlPIaHm9JPyaRCEodWaZTnGIZG8hluD9JakQ2a:cRkn0CzBrmypMCo7nbNRNocMTGIQ8h0I
Score

10^/10

adwind defense_evasion persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Adwind family
  adwind
- JAR file contains resources related to AdWind
  This JAR file potentially contains loader stubs used by the AdWind RAT.
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwinddefense_evasionpersistencetrojan

behavioral2

adwinddefense_evasionpersistencetrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.