adwind | 4938e9be5bbd0661cb384124fb97c5ef8c683481e6bfa9192184dd4c32eaf9f6 | Triage

Sharing

General

Target

4938e9be5bbd0661cb384124fb97c5ef8c683481e6bfa9192184dd4c32eaf9f6.zip
Size

71KB
Sample

250325-2qey9atxay
MD5

8a773557219f7820c7e632e195ea5146
SHA1

40cbe959c5ff847dc919687d530cac5397aaea3e
SHA256

4938e9be5bbd0661cb384124fb97c5ef8c683481e6bfa9192184dd4c32eaf9f6
SHA512

81505f6589d0d652584397f15495ae78507320ede37ccfba8503129ead5f5819ed9584b017bf975cf4cef2baf65922edb322ef231a9a5322de20987eae4d5834
SSDEEP

1536:f3XvIRXY3OkpkAq/j7MPpPRrtkKvetcpi5BjbXlqPVenyc:ffIRX+Ok/q/j7KpPVtkbvp

Score

10^/10

adwind defense_evasion persistence trojan

Malware Config

Targets

- Target
  
  ccc9f5a8463054f7540bb2b7aff55ccf4523c2c50f31a61cfb5c6c703d162d20.jar
- Size
  
  71KB
- MD5
  
  838346240204f348e716e6de63fc189b
- SHA1
  
  00a415cd130cd41ca837fd337143dc127a15f4a9
- SHA256
  
  ccc9f5a8463054f7540bb2b7aff55ccf4523c2c50f31a61cfb5c6c703d162d20
- SHA512
  
  f6a67a00baeeff621b7113d6b80de57d7d9b43a638ea80b65eb4ceb63c1e4d4d43cd584464d97afc28f1f77affd381b6a87de6ccc911c59223bd9aaeee055ba7
- SSDEEP
  
  1536:cRk7T0CzBrcurk1uRpMCoEiMlPIaHm9JPyaRCEodWaZTnGIZG8hluD9JakQ2a:cRkn0CzBrmypMCo7nbNRNocMTGIQ8h0I
Score

10^/10

adwind defense_evasion persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Adwind family
  adwind
- JAR file contains resources related to AdWind
  This JAR file potentially contains loader stubs used by the AdWind RAT.
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwinddefense_evasionpersistencetrojan

behavioral2

adwinddefense_evasionpersistencetrojan