adwind | 750148d79d393e656f34388d16b2f5494147fa49eb7258964e1a10dd87331147 | Triage

Submit
Reports

Overview

overview

Static

static

1

b4835aa34d...18.jar

windows7-x64

b4835aa34d...18.jar

windows10-2004-x64

Sharing

General

Target

b4835aa34d4d7cffa8ad9a21fcdbdd78_JaffaCakes118
Size

684KB
Sample

240616-wvwjxavglq
MD5

b4835aa34d4d7cffa8ad9a21fcdbdd78
SHA1

1eb444f23d1a3661f9d6a68c4bf56abc99288776
SHA256

750148d79d393e656f34388d16b2f5494147fa49eb7258964e1a10dd87331147
SHA512

7b3fc1786964c1fbca538103e945c9db5cb5131586f24c60c2125ebc4bea5ada581508cb06157d6561ed79dba173a74bdc0fd455db65982e87635542e16f9f16
SSDEEP

12288:BzEYe5sWd9m2KHSCdZF1MmY9zPmAlVf3/Eoj3nh/wSvBle6bRy8RWY7lwukUFDuH:NeKacZF1MzPftsBSX9lyKWYlDu33

Score

10^/10

adwind discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

b4835aa34d4d7cffa8ad9a21fcdbdd78_JaffaCakes118.jar

Resource

win7-20240508-en

adwind persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b4835aa34d4d7cffa8ad9a21fcdbdd78_JaffaCakes118.jar

Resource

win10v2004-20240611-en

adwind discovery persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  b4835aa34d4d7cffa8ad9a21fcdbdd78_JaffaCakes118
- Size
  
  684KB
- MD5
  
  b4835aa34d4d7cffa8ad9a21fcdbdd78
- SHA1
  
  1eb444f23d1a3661f9d6a68c4bf56abc99288776
- SHA256
  
  750148d79d393e656f34388d16b2f5494147fa49eb7258964e1a10dd87331147
- SHA512
  
  7b3fc1786964c1fbca538103e945c9db5cb5131586f24c60c2125ebc4bea5ada581508cb06157d6561ed79dba173a74bdc0fd455db65982e87635542e16f9f16
- SSDEEP
  
  12288:BzEYe5sWd9m2KHSCdZF1MmY9zPmAlVf3/Eoj3nh/wSvBle6bRy8RWY7lwukUFDuH:NeKacZF1MzPftsBSX9lyKWYlDu33
Score

10^/10

adwind persistence trojan discovery
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwindpersistencetrojan

behavioral2

adwinddiscoverypersistencetrojan

© 2018-2024

Terms | Privacy