adwind | 39bc96e86d7a6502c310e06825180c299a70128bb8eaa94ef7e5a0025342782d | Triage

Submit
Reports

Overview

overview

Static

static

1

bce55d9856...18.jar

windows7-x64

bce55d9856...18.jar

windows10-2004-x64

Sharing

General

Target

bce55d9856da631b5c069b00005bb44a_JaffaCakes118
Size

536KB
Sample

240618-tz19vavhrm
MD5

bce55d9856da631b5c069b00005bb44a
SHA1

51ee1bd68d8ec67ef245d0a60c403dd97fe9ae14
SHA256

39bc96e86d7a6502c310e06825180c299a70128bb8eaa94ef7e5a0025342782d
SHA512

b43b1aeade497a11958abb90f5f751ebd743b1fc8b440cb1f36311f03c322d5c2e12e45568ac55e42809b2ec245e1e48094a69679e884c3ecb5acb4be9914715
SSDEEP

12288:dGyp/J7n7QUVcZDcaWcH9JfQ8AB7dneH0smaLDwDdJmAOT:dGyv5V5WXfxAWBmeDwD1OT

Score

10^/10

adwind discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

bce55d9856da631b5c069b00005bb44a_JaffaCakes118.jar

Resource

win7-20240611-en

adwind persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bce55d9856da631b5c069b00005bb44a_JaffaCakes118.jar

Resource

win10v2004-20240226-en

adwind discovery persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  bce55d9856da631b5c069b00005bb44a_JaffaCakes118
- Size
  
  536KB
- MD5
  
  bce55d9856da631b5c069b00005bb44a
- SHA1
  
  51ee1bd68d8ec67ef245d0a60c403dd97fe9ae14
- SHA256
  
  39bc96e86d7a6502c310e06825180c299a70128bb8eaa94ef7e5a0025342782d
- SHA512
  
  b43b1aeade497a11958abb90f5f751ebd743b1fc8b440cb1f36311f03c322d5c2e12e45568ac55e42809b2ec245e1e48094a69679e884c3ecb5acb4be9914715
- SSDEEP
  
  12288:dGyp/J7n7QUVcZDcaWcH9JfQ8AB7dneH0smaLDwDdJmAOT:dGyv5V5WXfxAWBmeDwD1OT
Score

10^/10

adwind persistence trojan discovery
- AdWind
  A Java-based RAT family operated as malware-as-a-service.
  trojan adwind
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwindpersistencetrojan

behavioral2

adwinddiscoverypersistencetrojan

© 2018-2024

Terms | Privacy