Managed XDR

email.txt (Adwind) — malware analysis report

File info

Filename: email.txt
File type: SMTP mail, ASCII text, with very long lines, with CRLF line terminators
File size: 90.7 KB
First seen:
Last seen:

Environment

win7/x86 en

Hashes

SHA1: 8610dee0b20e312855744800e92bcabefff6e472
SHA256: 5911619147c063082839f5ed631da12085a785e0727a6014ac0c3964cf156684
MD5: 9e9e36114e9555a5d92a1c0fae37d871

Malware

  • Adwind

Signatures

Execution

T1204.002 mimics_extension: Attempts to mimic the file extension

Persistence

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup

Privilege Escalation

T1547.001 persistence_autorun: Makes itself run automatically on Windows startup
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036 mimics_extension: Attempts to mimic the file extension
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1564.001 stealth_file: Creates hidden or system files
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
networkdyndns_checkip: Connects to a Dynamic DNS domain
creates_in_windows: Creates files in the Windows directory
opens_document: Opens office documents
creates_exe: Creates executable files in the file system
creates_doc: Creates (office) documents in the file system
creates_in_programdata: Creates files in the ProgramData directory
suricata_alert: Malicious traffic detected
