General
-
Target
MEMZ 3.0.zip.zip
-
Size
16KB
-
Sample
230323-j8as5sgd7x
-
MD5
7c423354cde6e57b90f290e75d6fb536
-
SHA1
14c490bc51313bacad31afea716fa9c21469a40d
-
SHA256
266d55fa5a8cee9d08c93c10f06cd75b8c2a7cd181933f9f955cc4e1333b5475
-
SHA512
40e2ea0f901cd501aca7b6fe7f6b89f343547940045ba634edd021a4391117bd820cc919f61984c97a1610d8bdd9ad456c3d63f9b13510a410f125634141d21d
-
SSDEEP
384:beWfD0Z8KHI8+EjtxPArykp2abxWcG2ABHxjnmvwf3o:bPfD1KHjtEwcJ4zmk3o
Static task
static1
Behavioral task
behavioral1
Sample
MEMZ 3.0/MEMZ.bat
Resource
win7-20230220-es
Behavioral task
behavioral2
Sample
MEMZ 3.0/MEMZ.bat
Resource
win10v2004-20230221-es
Behavioral task
behavioral3
Sample
MEMZ 3.0/MEMZ.exe
Resource
win7-20230220-es
Behavioral task
behavioral4
Sample
MEMZ 3.0/MEMZ.exe
Resource
win10v2004-20230220-es
Malware Config
Targets
-
-
Target
MEMZ 3.0/MEMZ.bat
-
Size
12KB
-
MD5
13a43c26bb98449fd82d2a552877013a
-
SHA1
71eb7dc393ac1f204488e11f5c1eef56f1e746af
-
SHA256
5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513
-
SHA512
602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a
-
SSDEEP
384:nnLhRNiqt0kCH2LR0GPXxGiZgCz+KG/yKhLdW79HOli+lz3:nLhRN9t0SR4iZtzlREBWhuF
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
-
-
Target
MEMZ 3.0/MEMZ.exe
-
Size
12KB
-
MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91
-
SHA1
761168201520c199dba68add3a607922d8d4a86e
-
SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
-
SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
SSDEEP
192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-