adwind | a525e88006849f0a7eff3f9de0c95d6ad3f6e88cda918ebc0fae3d6b39549b2f | Triage

Submit
Reports

Overview

overview

Static

static

1

b54f9e1476...18.jar

windows7-x64

1

b54f9e1476...18.jar

windows10-2004-x64

Sharing

General

Target

b54f9e14769eaf13499d8ae127f41b4f_JaffaCakes118
Size

544KB
Sample

240616-1eezfashpp
MD5

b54f9e14769eaf13499d8ae127f41b4f
SHA1

9a4efb26695fb617445d1906e891cecb2c603a77
SHA256

a525e88006849f0a7eff3f9de0c95d6ad3f6e88cda918ebc0fae3d6b39549b2f
SHA512

03b818222f244a4a67d3012dba145b71e6f5f7616e216b784c81c0254e8b5f3b40ba8ef252bb8b240f79b816d3b9ce4510c76df2754b9251f79641f840a4d08d
SSDEEP

12288:BwZDOaeh4XFKNqFW74QP6oEtTYRp9Z1IXSr+8yhb+rNoWm:6t+41OMkEtTYRpf1cSQb4CT

Score

10^/10

adwind discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

b54f9e14769eaf13499d8ae127f41b4f_JaffaCakes118.jar

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

b54f9e14769eaf13499d8ae127f41b4f_JaffaCakes118.jar

Resource

win10v2004-20240508-en

adwind discovery evasion persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  b54f9e14769eaf13499d8ae127f41b4f_JaffaCakes118
- Size
  
  544KB
- MD5
  
  b54f9e14769eaf13499d8ae127f41b4f
- SHA1
  
  9a4efb26695fb617445d1906e891cecb2c603a77
- SHA256
  
  a525e88006849f0a7eff3f9de0c95d6ad3f6e88cda918ebc0fae3d6b39549b2f
- SHA512
  
  03b818222f244a4a67d3012dba145b71e6f5f7616e216b784c81c0254e8b5f3b40ba8ef252bb8b240f79b816d3b9ce4510c76df2754b9251f79641f840a4d08d
- SSDEEP
  
  12288:BwZDOaeh4XFKNqFW74QP6oEtTYRp9Z1IXSr+8yhb+rNoWm:6t+41OMkEtTYRpf1cSQb4CT
Score

10^/10

adwind discovery evasion persistence trojan
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- UAC bypass
  evasion trojan
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

adwinddiscoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy