Overview

overview

8

Static

static

Gemini.bat

windows7_x64

8

Gemini.bat

windows10-2004_x64

1

Gemini.exe

windows7_x64

6

Gemini.exe

windows10-2004_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1aec273004c1804ca7491860677c80fa6405ce0ec8843d1ffffbf5ff1f2f6c93

  • Size

    17KB

  • Sample

    220524-ws7t6aceg7

  • MD5

    2e470a74a27b2a29ebdb622158c4ada2

  • SHA1

    f284dd5a25538531927a8d5506dee02e03aac0e1

  • SHA256

    1aec273004c1804ca7491860677c80fa6405ce0ec8843d1ffffbf5ff1f2f6c93

  • SHA512

    844d801b3f328f2fb6a1e5ef0b7f49f82fea31e998d666754a0496ba7782eb62fc26ed98d5f9480d6409ade1d7aec73ae0c1c60d04493a72f441af8cf90c23f0

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      Gemini.bat

    • Size

      13KB

    • MD5

      4e2a7f369378a76d1df4d8c448f712af

    • SHA1

      1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49

    • SHA256

      5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad

    • SHA512

      90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e

    Score
    8/10
    bootkitpersistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

    • Target

      Gemini.exe

    • Size

      14KB

    • MD5

      19dbec50735b5f2a72d4199c4e184960

    • SHA1

      6fed7732f7cb6f59743795b2ab154a3676f4c822

    • SHA256

      a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

    • SHA512

      aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

    Score
    7/10
    bootkitpersistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

2
T1067

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

4
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks