Overview

overview

10

Static

static

3

Maze.exe

windows7-x64

3

Maze.exe

windows10-2004-x64

10

Resubmissions

19-05-2023 03:53

230519-efy8tafa67 10

19-05-2023 03:50

230519-ed1c4adh5v 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Maze.exe

  • Size

    405KB

  • Sample

    230519-efy8tafa67

  • MD5

    90f6964889e76843cf42c4284db3d245

  • SHA1

    3ba802e59f48b3f6dae1c237edd5d41848be10e0

  • SHA256

    5f8b29e7c8f8bfa78b685c3a572b69dffbc52c0581b7872fe2166b2860a7ba19

  • SHA512

    910cd47e05ca2c5bd573851d738942f9735536c73ac459c499bdd96c20ca3320a23584e643ac69d104154632dde2ddd786ffca05ce8e41b9ad4fc2e4f6c77bc1

  • SSDEEP

    6144:sdjiklFfy93i6eT7Wu1AbseZkGGSAldub9Q+hKw:8ikbfy93i6C71GES0E

Score
10/10
bootkitevasionpersistence

Malware Config

Targets

    • Target

      Maze.exe

    • Size

      405KB

    • MD5

      90f6964889e76843cf42c4284db3d245

    • SHA1

      3ba802e59f48b3f6dae1c237edd5d41848be10e0

    • SHA256

      5f8b29e7c8f8bfa78b685c3a572b69dffbc52c0581b7872fe2166b2860a7ba19

    • SHA512

      910cd47e05ca2c5bd573851d738942f9735536c73ac459c499bdd96c20ca3320a23584e643ac69d104154632dde2ddd786ffca05ce8e41b9ad4fc2e4f6c77bc1

    • SSDEEP

      6144:sdjiklFfy93i6eT7Wu1AbseZkGGSAldub9Q+hKw:8ikbfy93i6C71GES0E

    Score
    10/10
    bootkitevasionpersistence

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Downloads MZ/PE file

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks