General
-
Target
MEMZ.zip
-
Size
8KB
-
Sample
230331-3sn6dafg8x
-
MD5
69977a5d1c648976d47b69ea3aa8fcaa
-
SHA1
4630cc15000c0d3149350b9ecda6cfc8f402938a
-
SHA256
61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc
-
SHA512
ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd
-
SSDEEP
192:8xI2dw4xXlsUjs1ScK3ZeD6dUqENj710+MZ9R1SVBIpp:b2dHiosKA6OqEx2t9R1SLIL
Static task
static1
Behavioral task
behavioral1
Sample
MEMZ.zip
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
MEMZ.zip
-
Size
8KB
-
MD5
69977a5d1c648976d47b69ea3aa8fcaa
-
SHA1
4630cc15000c0d3149350b9ecda6cfc8f402938a
-
SHA256
61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc
-
SHA512
ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd
-
SSDEEP
192:8xI2dw4xXlsUjs1ScK3ZeD6dUqENj710+MZ9R1SVBIpp:b2dHiosKA6OqEx2t9R1SLIL
Score10/10-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Winlogon Helper DLL
1Registry Run Keys / Startup Folder
1Bootkit
1Hidden Files and Directories
1Defense Evasion
Modify Registry
7Disabling Security Tools
2Hidden Files and Directories
1