General

  • Target

    @Wanna.BuddyMemes.win.zip

  • Size

    5.7MB

  • Sample

    240309-vszm4sda87

  • MD5

    0e9a9f123c060ba25b0a940293bbd43a

  • SHA1

    6a4f0a5f67227c4aa8cfcdbb58c442e399b528e3

  • SHA256

    1cb1619eb5345a3d8d6aca8a8d221b523aadb3c59ae4778d4d471b22503caa5c

  • SHA512

    bf1beb6fd44dd8d0cc7743951fdac09eaa0408cf6e2984ac73347cc0900eeb142f908546b7e3a1ae5ac4680224ae37881e582d98eac3ade730e6610587b47022

  • SSDEEP

    98304:RC00b49gKZlvW/erCw1WooPemkiO6jR1DGji0VwoEpe3UxBH772Xg:RC00b49JZlvW/ed1WooWt0JiwoE43UXJ
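
To confirm that a local copy is the file this report describes, hash it and compare against the digests above. The script below is an added example, not part of the sandbox report: it embeds the report's own MD5/SHA1/SHA256/SHA512 for @Wanna.BuddyMemes.win.zip, computes all four in one pass so a large file is read once, and gives a per-algorithm verdict. ssdeep is a fuzzy hash and is not computed here. The demo input at the bottom is constructed bytes, not the real sample.

```python
"""Check a local file against the digests in the report above.

Added example, not part of the sandbox report. The expected values are the
report's own MD5/SHA1/SHA256/SHA512 for @Wanna.BuddyMemes.win.zip; ssdeep is
a fuzzy hash and is not computed here. The demo input at the bottom is
constructed bytes, not the real sample.
"""
import hashlib
import sys
from typing import Dict, Iterable, Iterator

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Copied from the "General" section of the report.
REPORTED_ZIP = {
    "md5": "0e9a9f123c060ba25b0a940293bbd43a",
    "sha1": "6a4f0a5f67227c4aa8cfcdbb58c442e399b528e3",
    "sha256": "1cb1619eb5345a3d8d6aca8a8d221b523aadb3c59ae4778d4d471b22503caa5c",
    "sha512": "bf1beb6fd44dd8d0cc7743951fdac09eaa0408cf6e2984ac73347cc0900eeb142f908546b7e3a1ae5ac4680224ae37881e582d98eac3ade730e6610587b47022",
}


def digests(chunks: Iterable[bytes]) -> Dict[str, str]:
    """One pass over the data feeds all four hashers, so a multi-GB file is
    read once rather than once per algorithm."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_chunks(path: str, size: int = 1 << 20) -> Iterator[bytes]:
    """Yield the file in 1 MiB pieces so memory stays flat for big samples."""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(size)
            if not chunk:
                return
            yield chunk


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm verdict. Hex case is ignored; an algorithm the report
    does not list is reported as False rather than silently passing."""
    return {
        name: name in expected and actual[name].lower() == expected[name].lower()
        for name in actual
    }


def verify_file(path: str, expected: Dict[str, str] = REPORTED_ZIP) -> Dict[str, bool]:
    """Hash the file at `path` and compare it with the report's digests."""
    return compare(digests(file_chunks(path)), expected)


if __name__ == "__main__":
    # Usage: python verify.py <file>; with no argument, hash constructed bytes.
    if len(sys.argv) > 1:
        verdict = verify_file(sys.argv[1])
    else:
        verdict = compare(digests([b"constructed demo input, not the sample"]), REPORTED_ZIP)
    for name, ok in verdict.items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
```

A single mismatching algorithm with the others matching is worth a second look: it usually means a transcription error in the report or in your copy, not a different file.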

Malware Config

Targets

    • Target

      @Wanna.BuddyMemes.win.zip

    • Size

      5.7MB

    • MD5

      0e9a9f123c060ba25b0a940293bbd43a

    • SHA1

      6a4f0a5f67227c4aa8cfcdbb58c442e399b528e3

    • SHA256

      1cb1619eb5345a3d8d6aca8a8d221b523aadb3c59ae4778d4d471b22503caa5c

    • SHA512

      bf1beb6fd44dd8d0cc7743951fdac09eaa0408cf6e2984ac73347cc0900eeb142f908546b7e3a1ae5ac4680224ae37881e582d98eac3ade730e6610587b47022

    • SSDEEP

      98304:RC00b49gKZlvW/erCw1WooPemkiO6jR1DGji0VwoEpe3UxBH772Xg:RC00b49JZlvW/ed1WooWt0JiwoE43UXJ

    • Score

      1/10

    • Target

      Bonzify.exe

    • Size

      6.4MB

    • MD5

      fba93d8d029e85e0cde3759b7903cee2

    • SHA1

      525b1aa549188f4565c75ab69e51f927204ca384

    • SHA256

      66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764

    • SHA512

      7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2

    • SSDEEP

      196608:adAMaWetTeAkLIdx751qFTkub//73lc6u7b5VJ2Yx5xIdk3:OaWedh+Idx75QYub//73lc6u7bLMYxD

    • Modifies AppInit DLL entries

      Writes the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (or its Wow6432Node twin). DLLs listed there are loaded into every process that loads user32.dll once LoadAppInit_DLLs is set to 1; systems booted with Secure Boot ignore the value.

    • Modifies Installed Components in the registry

      Active Setup (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components) runs each component's StubPath once per user at logon, which makes it a persistence location as well as an installer mechanism.

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the program is started at each logon.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
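
The AppInit DLL, Installed Components and Run key signatures above all leave a value in the registry that can be checked on a host or in an exported hive. The parser below is an added example, not part of the sandbox report or the tool that produced it: it reads the text that `reg export` produces, decodes string and dword values, joins multi-line hex data, and flags those three artifacts plus the DisableTaskMgr policy value that the "Disables Task Manager" signature on salinewin.exe later in this report refers to. `reg export` writes UTF-16LE, so open the file with encoding="utf-16". SAMPLE_REG is constructed for the demo and is not data from any of the samples.

```python
"""Offline triage of a .reg export for the registry persistence artifacts above.

Added example, not part of the sandbox report. `reg export` writes UTF-16LE
text; read the file with encoding="utf-16" and pass the text to parse_reg().
SAMPLE_REG is constructed for the demo, not data from the sample.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str, str]  # (rule, key path, value name, decoded data)

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')
_RUN_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")


def _unescape(s: str) -> str:
    """.reg strings escape backslash and double quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", s)


def _decode(data: str) -> str:
    """Strings are unescaped, dword: becomes decimal, hex:/hex(n): stay raw."""
    data = data.strip()
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return _unescape(data[1:-1])
    if data.lower().startswith("dword:"):
        return str(int(data[6:], 16))
    return data


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse .reg text into {key path: {value name: decoded data}}. Multi-line
    hex data (trailing backslash) is joined; [-Key] deletions are skipped."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # hex data continues on the next line
            pending = line[:-1]
            continue
        if not line or line[0] == ";" or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m.group("key")
            current = None if key.startswith("-") else key
            if current is not None:
                keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group("default") else _unescape(m.group("name"))
            keys[current][name] = _decode(m.group("data"))
    return keys


def triage(keys: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Flag the artifacts behind the report's AppInit DLL, Installed Components
    (Active Setup), Run key and DisableTaskMgr signatures."""
    findings: List[Finding] = []
    for path, values in keys.items():
        low = path.lower()
        v = {k.lower(): d for k, d in values.items()}   # value names are case-insensitive
        if low.endswith("\\windows nt\\currentversion\\windows") and v.get("appinit_dlls"):
            findings.append(("appinit_dlls", path, "AppInit_DLLs", v["appinit_dlls"]))
            if v.get("loadappinit_dlls") == "1":          # DLLs load only when this is 1
                findings.append(("load_appinit_dlls", path, "LoadAppInit_DLLs", "1"))
        if low.endswith(_RUN_SUFFIXES):
            for name, data in values.items():
                findings.append(("run_key", path, name, data))
        if low.endswith("\\policies\\system") and v.get("disabletaskmgr") == "1":
            findings.append(("taskmgr_disabled", path, "DisableTaskMgr", "1"))
        if "\\active setup\\installed components\\" in low and v.get("stubpath"):
            findings.append(("active_setup_stubpath", path, "StubPath", v["stubpath"]))
    return findings


# Constructed export for the demo; paths and names are placeholders.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\ProgramData\\hook.dll"
"LoadAppInit_DLLs"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Bonzi"="\"C:\\Users\\lab\\AppData\\Roaming\\Bonzify.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}]
"StubPath"="C:\\ProgramData\\setup.exe"
"Blob"=hex:01,02,\
  03,04
"""
```

Run `triage(parse_reg(open("hklm.reg", encoding="utf-16").read()))` on each exported hive. Every Run value is listed rather than scored, because legitimate software lives there too; the analyst decides, the parser only makes the entries visible.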

    • Target

      LOVE-LETTER-FOR-YOU.TXT.vbs

    • Size

      14KB

    • MD5

      48ac397b96a30da6d67ffcf5b555e69c

    • SHA1

      6b509435d7ab375d40231081417a340910da513c

    • SHA256

      b6dc96d48ee73fda299a8f8dac2335ed4bf710f5166ce093aa8734256a205569

    • SHA512

      4dd6ca7a18b7dceac16a8cec892f658a2389efe3b6a936ac9bf26f20a99a7a65d76dec1a412988e9a5be59276a7f7c0bca08583a474c8a9609799a4bab4ed5f2

    • SSDEEP

      384:U8kvaf1TYIe6lrsRjcOe/qEVqyK6hNj68BYqhYRLyfwjNOVjVA:U8f18Ie2rsmj68uYji5

    • Score

      1/10

    • Target

      MEMZ.exe

    • Size

      16KB

    • MD5

      1d5ad9c8d3fee874d0feb8bfac220a11

    • SHA1

      ca6d3f7e6c784155f664a9179ca64e4034df9595

    • SHA256

      3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

    • SHA512

      c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

    • SSDEEP

      192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, a common geofencing check. On its own this is a weak indicator; many installers read the same value.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. The same write is also made by purely destructive payloads that replace the boot code and leave the machine unbootable; the signature records the write, not its purpose, so sector 0 of the disk should be examined to tell the two apart.

    • Target

      salinewin.exe

    • Size

      283KB

    • MD5

      2b1e9226d7e1015552a21faca891ec41

    • SHA1

      f87fcbe10fa9312048214d4473498ad4f9f331ce

    • SHA256

      7163fefbf2f865ef78a2d3d4480532fffb979300d6f0a77b6f3fc5c4b0d2cada

    • SHA512

      1852f6d05c9fca962178bc190bc8c90f0ca54ea99714480690f44417e49eee6c392579091ae8a6cd053ec47ad1980dbbbc0db3e0e00520ee1bdbadbf8dc9d69e

    • SSDEEP

      3072:HZVUJ58IAelkapH3shY6iEwgaBZP5pHQpYR95WPNpNMl3:nUJ5PzB5ZPPHQpY35WPNpGl3

    • Disables Task Manager via registry modification

      Sets DisableTaskMgr to 1 under Software\Microsoft\Windows\CurrentVersion\Policies\System so the user cannot open Task Manager to end the process.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
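
Both MEMZ.exe and salinewin.exe are flagged for writing to the MBR. What to do with that on a disk image is shown below: an added example, not part of the sandbox report, that parses sector 0, lists the partition entries, hashes the 440-byte bootstrap area so it can be compared with a known-good sector from the same build, and pulls printable strings out of the code area. Both boot sectors it builds are constructed for the demo; neither is taken from MEMZ.exe or salinewin.exe.

```python
"""Inspect sector 0 of a disk image for the MBR overwrite flagged above.

Added example, not part of the sandbox report. Both boot sectors built below
are constructed for the demo; neither comes from MEMZ.exe or salinewin.exe.
"""
import hashlib
import re
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512
BOOT_SIGNATURE = b"\x55\xaa"        # last two bytes of a valid MBR
TABLE_OFFSET = 446                  # four 16-byte partition entries
CODE_END = 440                      # bootstrap code; 440..445 hold the disk signature


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass
class MbrReport:
    has_signature: bool
    partitions: List[Partition]
    bootstrap_sha256: str
    strings: List[str]


def parse_mbr(sector: bytes) -> MbrReport:
    """Decode one 512-byte sector: signature, partition table, code hash, strings."""
    if len(sector) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    parts: List[Partition] = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, type_id = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if type_id == 0 and lba_start == 0 and count == 0:
            continue                                  # unused slot
        parts.append(Partition(i, status == 0x80, type_id, lba_start, count))
    code = sector[:CODE_END]
    return MbrReport(
        has_signature=sector[510:512] == BOOT_SIGNATURE,
        partitions=parts,
        bootstrap_sha256=hashlib.sha256(code).hexdigest(),
        strings=[s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{6,}", code)],
    )


def assess(report: MbrReport, baseline_sha256: Optional[str] = None) -> List[str]:
    """A payload that replaces the boot code usually keeps 0x55AA (the BIOS
    needs it), so the signature alone proves nothing; compare the code
    against a baseline and check that the partition table survived."""
    issues: List[str] = []
    if not report.has_signature:
        issues.append("missing 0x55AA boot signature")
    if not report.partitions:
        issues.append("no partition entries")
    if sum(p.bootable for p in report.partitions) > 1:
        issues.append("more than one partition flagged bootable")
    if baseline_sha256 and report.bootstrap_sha256 != baseline_sha256:
        issues.append("bootstrap code differs from baseline")
    return issues


def build_sample_mbr() -> bytes:
    """Constructed healthy MBR: a stub with the usual error text and one
    bootable NTFS (0x07) partition starting at LBA 2048."""
    code = (b"\xfa\x33\xc0\x8e\xd0" + b"Invalid partition table\x00").ljust(CODE_END, b"\x00")
    disk_sig = b"\x12\x34\x56\x78\x00\x00"
    entry = struct.pack("<BBBBBBBBII", 0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF, 2048, 204800)
    return code + disk_sig + entry + b"\x00" * 48 + BOOT_SIGNATURE


def build_clobbered_mbr() -> bytes:
    """Constructed overwrite: payload code replaces the bootstrap, the
    partition table is zeroed, the signature is left intact."""
    code = (b"\xb8\x13\x00\xcd\x10" + b"constructed payload text, not real malware").ljust(CODE_END, b"\x90")
    return code + b"\x00" * 6 + b"\x00" * 64 + BOOT_SIGNATURE


if __name__ == "__main__":
    # With a real image: parse_mbr(open("disk.img", "rb").read(512))
    baseline = parse_mbr(build_sample_mbr())
    suspect = parse_mbr(build_clobbered_mbr())
    print("baseline issues:", assess(baseline, baseline.bootstrap_sha256))
    print("suspect issues :", assess(suspect, baseline.bootstrap_sha256))
    print("suspect strings:", suspect.strings)
```

Take the baseline hash from a clean machine built from the same image as the victim, since OEM and Windows boot code differ between builds; a hash mismatch against an unrelated baseline is noise, while a zeroed partition table with the signature intact is the pattern of an overwrite rather than wear or corruption.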

MITRE ATT&CK Enterprise v15

Tasks