Overview

overview

8

Static

static

VineMEMZ-Original.exe

windows7_x64

8

VineMEMZ-Original.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VineMEMZ-Original.exe

  • Size

    39.6MB

  • Sample

    210711-lrmrfq7pge

  • MD5

    7640b072f643d0f684d0041a99dd5492

  • SHA1

    4aa96bde37606abab714ae7b7e6e8dc52a5454b3

  • SHA256

    8b52641761b0f144b26ca3b27f20d9ffffed1270d2c90b9ee5dfc60c7794e502

  • SHA512

    2988e784e4cb9151709e3f6afe1c33a28f89a55d4f7d7d3e9f7002a466648e6961f9bc1346250becc30f2c363fe5bdce2d109cc7cd7ec3c709a171a7b9865e8b

Score
8/10
bootkitpersistenceransomware

Malware Config

Targets

    • Target

      VineMEMZ-Original.exe

    • Size

      39.6MB

    • MD5

      7640b072f643d0f684d0041a99dd5492

    • SHA1

      4aa96bde37606abab714ae7b7e6e8dc52a5454b3

    • SHA256

      8b52641761b0f144b26ca3b27f20d9ffffed1270d2c90b9ee5dfc60c7794e502

    • SHA512

      2988e784e4cb9151709e3f6afe1c33a28f89a55d4f7d7d3e9f7002a466648e6961f9bc1346250becc30f2c363fe5bdce2d109cc7cd7ec3c709a171a7b9865e8b

    Score
    8/10
    bootkitpersistenceransomware

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

1
T1491

Tasks