61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc | Triage

Submit
Reports

Overview

overview

8

Static

static

3

[email protected]

windows11-21h2-x64

8

Resubmissions

03-05-2024 16:05

240503-tjpk4sag2z 7

27-02-2024 15:27

240227-sv1l3scg8t 6

27-02-2024 15:27

240227-svqrwacd96 3

27-02-2024 15:26

240227-svcv1scg6y 3

15-12-2023 14:57

231215-sb4jmaeha4 7

15-12-2023 14:56

231215-sbf4bsddbl 7

15-12-2023 14:54

231215-r911qadchm 7

28-11-2023 15:45

231128-s7e6xabc2x 10

28-11-2023 15:39

231128-s3ygpabb38 8

Sharing

General

Target

MEMZ.zip
Size

8KB
Sample

231128-s3ygpabb38
MD5

69977a5d1c648976d47b69ea3aa8fcaa
SHA1

4630cc15000c0d3149350b9ecda6cfc8f402938a
SHA256

61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc
SHA512

ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd
SSDEEP

192:8xI2dw4xXlsUjs1ScK3ZeD6dUqENj710+MZ9R1SVBIpp:b2dHiosKA6OqEx2t9R1SLIL

Score

8^/10

bootkit discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

[email protected]

Resource

win11-20231128-en

bootkit discovery persistence

windows11-21h2-x64

19 signatures

300 seconds

Malware Config

Targets

- Target
  
  [email protected]
- Size
  
  14KB
- MD5
  
  19dbec50735b5f2a72d4199c4e184960
- SHA1
  
  6fed7732f7cb6f59743795b2ab154a3676f4c822
- SHA256
  
  a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
- SHA512
  
  aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
- SSDEEP
  
  192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Score

8^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy