266d55fa5a8cee9d08c93c10f06cd75b8c2a7cd181933f9f955cc4e1333b5475 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

MEMZ 3.0/MEMZ.bat

windows7-x64

7

MEMZ 3.0/MEMZ.bat

windows10-2004-x64

7

MEMZ 3.0/MEMZ.exe

windows7-x64

6

MEMZ 3.0/MEMZ.exe

windows10-2004-x64

7

Sharing

General

Target

MEMZ 3.0.zip.zip
Size

16KB
Sample

230323-j8as5sgd7x
MD5

7c423354cde6e57b90f290e75d6fb536
SHA1

14c490bc51313bacad31afea716fa9c21469a40d
SHA256

266d55fa5a8cee9d08c93c10f06cd75b8c2a7cd181933f9f955cc4e1333b5475
SHA512

40e2ea0f901cd501aca7b6fe7f6b89f343547940045ba634edd021a4391117bd820cc919f61984c97a1610d8bdd9ad456c3d63f9b13510a410f125634141d21d
SSDEEP

384:beWfD0Z8KHI8+EjtxPArykp2abxWcG2ABHxjnmvwf3o:bPfD1KHjtEwcJ4zmk3o

Score

7^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

MEMZ 3.0/MEMZ.bat

Resource

win7-20230220-es

bootkit persistence

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

MEMZ 3.0/MEMZ.bat

Resource

win10v2004-20230221-es

bootkit persistence

windows10-2004-x64

18 signatures

300 seconds

Behavioral task

behavioral3

Sample

MEMZ 3.0/MEMZ.exe

Resource

win7-20230220-es

bootkit persistence

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral4

Sample

MEMZ 3.0/MEMZ.exe

Resource

win10v2004-20230220-es

bootkit persistence

windows10-2004-x64

16 signatures

300 seconds

Malware Config

Targets

- Target
  
  MEMZ 3.0/MEMZ.bat
- Size
  
  12KB
- MD5
  
  13a43c26bb98449fd82d2a552877013a
- SHA1
  
  71eb7dc393ac1f204488e11f5c1eef56f1e746af
- SHA256
  
  5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513
- SHA512
  
  602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a
- SSDEEP
  
  384:nnLhRNiqt0kCH2LR0GPXxGiZgCz+KG/yKhLdW79HOli+lz3:nLhRN9t0SR4iZtzlREBWhuF
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  MEMZ 3.0/MEMZ.exe
- Size
  
  12KB
- MD5
  
  a7bcf7ea8e9f3f36ebfb85b823e39d91
- SHA1
  
  761168201520c199dba68add3a607922d8d4a86e
- SHA256
  
  3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
- SHA512
  
  89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
- SSDEEP
  
  192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

bootkitpersistence

behavioral4

bootkitpersistence

© 2018-2024

Terms | Privacy