adwind | 38cc99ed1a4e104d5a7aa4e3f78c557f432902c32b1c118d802d84aa59bfa770 | Triage

Sharing

General

Target

Celestial.rar
Size

617KB
Sample

250326-ydsssstmx5
MD5

23f12bc0c903fb19ff6c822d1b2de222
SHA1

c2bf4e6d4852e8b9aed15b969467a597c9252032
SHA256

38cc99ed1a4e104d5a7aa4e3f78c557f432902c32b1c118d802d84aa59bfa770
SHA512

70be6f6957ca4a17619fb8c776a4fe8d13e39d8b333328dcefcfcce789e810e4435913e6303c0515eed7956d8278c0caff20703d37163d12cba6aedaf4fe13c6
SSDEEP

12288:PUVY4mxhlZKoHaLM9RoPipbfOB3k7/GAXBJCiIxv5zfDbwK3nt8h3SQ4h:sVYNVZ9Ro4bfOBaJCiS5zfAK3nt8hf4h

Score

10^/10

adwind persistence

Malware Config

Targets

- Target
  
  Celestial/Celestial.jar
- Size
  
  639KB
- MD5
  
  335e19f97c6bd6e1edd3e05b577a4b85
- SHA1
  
  d764d2645145bd2cb185fe53c3589e634b19b991
- SHA256
  
  2806e12d1f19ba55fc572cb9662c1bc6c81a2608c00085a198101e71f1c6c154
- SHA512
  
  e25f4f75a375d85a796496877cfce5b27983da4ad577602b1c0dd7593786f20881ac3cdc42c67301d1296e2954ef307eaf6198d0785f047db06f499efa60fef1
- SSDEEP
  
  12288:oXrrQn/RFjC9p4V30jSDgm/LR/+d1QNGDYgSB2RvG3ouk2ZkSUVDs7:oXfQ//Cn41zDgmFOQGDlIRou5Z3UVDs7
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2