Overview

Overview score: 8
Static analysis score: 3

Task                   Platform              Score
@Wanna.Bud...in.zip    windows7-x64          1
@Wanna.Bud...in.zip    windows10-1703-x64    1
@Wanna.Bud...in.zip    windows10-2004-x64    1
@Wanna.Bud...in.zip    windows11-21h2-x64    1
Bonzify.exe            windows7-x64          8
Bonzify.exe            windows10-1703-x64    8
Bonzify.exe            windows10-2004-x64    8
Bonzify.exe            windows11-21h2-x64    8
LOVE-LETTE...XT.vbs    windows7-x64          1
LOVE-LETTE...XT.vbs    windows10-1703-x64    1
LOVE-LETTE...XT.vbs    windows10-2004-x64    1
LOVE-LETTE...XT.vbs    windows11-21h2-x64    1
MEMZ.exe               windows7-x64          6
MEMZ.exe               windows10-1703-x64    7
MEMZ.exe               windows10-2004-x64    7
MEMZ.exe               windows11-21h2-x64    6
salinewin.exe          windows7-x64          8
salinewin.exe          windows10-1703-x64    8
salinewin.exe          windows10-2004-x64    8
salinewin.exe          windows11-21h2-x64    8

General
- Target: @Wanna.BuddyMemes.win.zip
- Size: 5.7MB
- Sample: 240309-vszm4sda87
- MD5: 0e9a9f123c060ba25b0a940293bbd43a
- SHA1: 6a4f0a5f67227c4aa8cfcdbb58c442e399b528e3
- SHA256: 1cb1619eb5345a3d8d6aca8a8d221b523aadb3c59ae4778d4d471b22503caa5c
- SHA512: bf1beb6fd44dd8d0cc7743951fdac09eaa0408cf6e2984ac73347cc0900eeb142f908546b7e3a1ae5ac4680224ae37881e582d98eac3ade730e6610587b47022
- SSDEEP: 98304:RC00b49gKZlvW/erCw1WooPemkiO6jR1DGji0VwoEpe3UxBH772Xg:RC00b49JZlvW/ed1WooWt0JiwoE43UXJ
Tasks

Static task: static1

Behavioral task    Sample                         Resource
behavioral1        @Wanna.BuddyMemes.win.zip      win7-20240215-en
behavioral2        @Wanna.BuddyMemes.win.zip      win10-20240221-en
behavioral3        @Wanna.BuddyMemes.win.zip      win10v2004-20240226-en
behavioral4        @Wanna.BuddyMemes.win.zip      win11-20240221-en
behavioral5        Bonzify.exe                    win7-20231129-en
behavioral6        Bonzify.exe                    win10-20240221-en
behavioral7        Bonzify.exe                    win10v2004-20240226-en
behavioral8        Bonzify.exe                    win11-20240221-en
behavioral9        LOVE-LETTER-FOR-YOU.TXT.vbs    win7-20240221-en
behavioral10       LOVE-LETTER-FOR-YOU.TXT.vbs    win10-20240221-en
behavioral11       LOVE-LETTER-FOR-YOU.TXT.vbs    win10v2004-20240226-en
behavioral12       LOVE-LETTER-FOR-YOU.TXT.vbs    win11-20240221-en
behavioral13       MEMZ.exe                       win7-20240221-en
behavioral14       MEMZ.exe                       win10-20240221-en
behavioral15       MEMZ.exe                       win10v2004-20240226-en
behavioral16       MEMZ.exe                       win11-20240221-en
behavioral17       salinewin.exe                  win7-20240215-en
behavioral18       salinewin.exe                  win10-20240221-en
behavioral19       salinewin.exe                  win10v2004-20240226-en
behavioral20       salinewin.exe                  win11-20240214-en
Malware Config
Targets

Target: @Wanna.BuddyMemes.win.zip
- Size: 5.7MB
- MD5: 0e9a9f123c060ba25b0a940293bbd43a
- SHA1: 6a4f0a5f67227c4aa8cfcdbb58c442e399b528e3
- SHA256: 1cb1619eb5345a3d8d6aca8a8d221b523aadb3c59ae4778d4d471b22503caa5c
- SHA512: bf1beb6fd44dd8d0cc7743951fdac09eaa0408cf6e2984ac73347cc0900eeb142f908546b7e3a1ae5ac4680224ae37881e582d98eac3ade730e6610587b47022
- SSDEEP: 98304:RC00b49gKZlvW/erCw1WooPemkiO6jR1DGji0VwoEpe3UxBH772Xg:RC00b49JZlvW/ed1WooWt0JiwoE43UXJ
Score: 1/10

Target: Bonzify.exe
- Size: 6.4MB
- MD5: fba93d8d029e85e0cde3759b7903cee2
- SHA1: 525b1aa549188f4565c75ab69e51f927204ca384
- SHA256: 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
- SHA512: 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2
- SSDEEP: 196608:adAMaWetTeAkLIdx751qFTkub//73lc6u7b5VJ2Yx5xIdk3:OaWedh+Idx75QYub//73lc6u7bLMYxD
Score: 8/10
Signatures:
- Modifies AppInit DLL entries
- Modifies Installed Components in the registry
- Possible privilege escalation attempt
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory

Target: LOVE-LETTER-FOR-YOU.TXT.vbs
- Size: 14KB
- MD5: 48ac397b96a30da6d67ffcf5b555e69c
- SHA1: 6b509435d7ab375d40231081417a340910da513c
- SHA256: b6dc96d48ee73fda299a8f8dac2335ed4bf710f5166ce093aa8734256a205569
- SHA512: 4dd6ca7a18b7dceac16a8cec892f658a2389efe3b6a936ac9bf26f20a99a7a65d76dec1a412988e9a5be59276a7f7c0bca08583a474c8a9609799a4bab4ed5f2
- SSDEEP: 384:U8kvaf1TYIe6lrsRjcOe/qEVqyK6hNj68BYqhYRLyfwjNOVjVA:U8f18Ie2rsmj68uYji5
Score: 1/10

Target: MEMZ.exe
- Size: 16KB
- MD5: 1d5ad9c8d3fee874d0feb8bfac220a11
- SHA1: ca6d3f7e6c784155f664a9179ca64e4034df9595
- SHA256: 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
- SHA512: c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
- SSDEEP: 192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.

Target: salinewin.exe
- Size: 283KB
- MD5: 2b1e9226d7e1015552a21faca891ec41
- SHA1: f87fcbe10fa9312048214d4473498ad4f9f331ce
- SHA256: 7163fefbf2f865ef78a2d3d4480532fffb979300d6f0a77b6f3fc5c4b0d2cada
- SHA512: 1852f6d05c9fca962178bc190bc8c90f0ca54ea99714480690f44417e49eee6c392579091ae8a6cd053ec47ad1980dbbbc0db3e0e00520ee1bdbadbf8dc9d69e
- SSDEEP: 3072:HZVUJ58IAelkapH3shY6iEwgaBZP5pHQpYR95WPNpNMl3:nUJ5PzB5ZPPHQpY35WPNpGl3
Score: 8/10
Signatures:
- Disables Task Manager via registry modification
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Pre-OS Boot (1)
  - Bootkit (1)

Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)

Defense Evasion
- File and Directory Permissions Modification (1)
- Modify Registry (5)
- Pre-OS Boot (1)
  - Bootkit (1)