Overview

overview

10

Static

static

3

ZyxBoostraper.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ZyxBoostraper.exe

  • Size

    1.1MB

  • Sample

    241020-zr9h5s1gqp

  • MD5

    180627b0dcf27f84e8b70907aeedb38f

  • SHA1

    debad0084f0bdcc5516903aae8b1b4e484ebfa94

  • SHA256

    c3131dbc372d5e60d8dc8a36d37b0fbfb25aa4dc5b56d3975f2f89ace71a3fc0

  • SHA512

    857a5531ad8fdafc795afdf8d58023b3613035e57e2b5d70473df03d9d218b9a58ac4056cf9ebdf54cfbd4843fd22eeae67dbb1ce8b14729249b73dedc624a2c

  • SSDEEP

    24576:xWr09CIgB8wbbFhd3xAJrjaTesDm+QO0:xWr0MI4dfFrWJXa/D

Score
10/10
adwindexecutiontrojan

Malware Config

Targets

    • Target

      ZyxBoostraper.exe

    • Size

      1.1MB

    • MD5

      180627b0dcf27f84e8b70907aeedb38f

    • SHA1

      debad0084f0bdcc5516903aae8b1b4e484ebfa94

    • SHA256

      c3131dbc372d5e60d8dc8a36d37b0fbfb25aa4dc5b56d3975f2f89ace71a3fc0

    • SHA512

      857a5531ad8fdafc795afdf8d58023b3613035e57e2b5d70473df03d9d218b9a58ac4056cf9ebdf54cfbd4843fd22eeae67dbb1ce8b14729249b73dedc624a2c

    • SSDEEP

      24576:xWr09CIgB8wbbFhd3xAJrjaTesDm+QO0:xWr0MI4dfFrWJXa/D

    Score
    10/10
    adwindexecutiontrojan

    • AdWind

      A Java-based RAT family operated as malware-as-a-service.

      trojanadwind

    • Class file contains resources related to AdWind

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks