Resubmissions

21-04-2024 09:00    240421-kycqesga2z    score 6
22-03-2024 09:35    240322-lkjggscg8w    score 10

General

  • Target

    MEmu-setup-abroad-sdk-20240322.exe

  • Size

    23.0MB

  • Sample

    240322-lkjggscg8w

  • MD5

    f9ce897d93d4f77bca3cca8541a8addb

  • SHA1

    4ac5a68266c842fb997fd755c9d10d1975baa71f

  • SHA256

    89174acde0ea21562e6186847ba7d12aacd9b2b2132f456dd8335680daadd9a9

  • SHA512

    57ad25f1a3b1514e579fd9f61102d0e6ea42e32bb9371fa447ab6e8c4403a018ee5b1959f3038dd591c930ecc4b535abe6851693334a67542acb7877152b0a6a

  • SSDEEP

    393216:w95Rjktqn778Sd3o+83Jsv6tWKFdu9CwvUiPbKv647n+YlmYz:MRjkG7Iq3oOD2vegm0
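As an added example that is not part of the report (and not tooling from the sandbox or from the MEmu project): a small Python helper that recomputes the digests listed above for a locally obtained copy of the sample, compares them case-insensitively with the report's values, and sanity-checks an SSDEEP signature before it is compared with another one. The constant and function names are my own; the expected digest values are copied from the report, and the `"abc"` input used for self-checking is constructed.

```python
import hashlib
import sys
from typing import Dict, Tuple

# Digests copied from the report above; the dict itself is constructed for this example.
REPORT_DIGESTS: Dict[str, str] = {
    "md5": "f9ce897d93d4f77bca3cca8541a8addb",
    "sha1": "4ac5a68266c842fb997fd755c9d10d1975baa71f",
    "sha256": "89174acde0ea21562e6186847ba7d12aacd9b2b2132f456dd8335680daadd9a9",
    "sha512": "57ad25f1a3b1514e579fd9f61102d0e6ea42e32bb9371fa447ab6e8c4403a018ee5b1959f3038dd591c930ecc4b535abe6851693334a67542acb7877152b0a6a",
}
REPORT_SSDEEP = "393216:w95Rjktqn778Sd3o+83Jsv6tWKFdu9CwvUiPbKv647n+YlmYz:MRjkG7Iq3oOD2vegm0"
ALGOS = ("md5", "sha1", "sha256", "sha512")


def compute_digests(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests of an in-memory buffer for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests, but streamed so a 23 MB installer is hashed in one pass without
    being loaded whole."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fp:
        for chunk in iter(lambda: fp.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_digests(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare only the algorithms present in `expected`; hex case is ignored because
    reports and AV consoles disagree on it."""
    return {name: actual[name].lower() == value.lower() for name, value in expected.items()}


def parse_ssdeep(signature: str) -> Tuple[int, str, str]:
    """Split 'blocksize:chunk:double_chunk' and validate the block size.

    ssdeep block sizes are always 3 * 2**n, so any other value means a mangled
    signature (a common copy/paste casualty) rather than a different file.
    """
    parts = signature.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep signature must have exactly three colon-separated fields")
    blocksize = int(parts[0])
    base = blocksize // 3
    if blocksize < 3 or blocksize % 3 != 0 or base & (base - 1) != 0:
        raise ValueError(f"{blocksize} is not a valid ssdeep block size")
    return blocksize, parts[1], parts[2]


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep only scores two signatures against each other when their block sizes are
    equal or differ by exactly one factor of two. Otherwise it returns 0 regardless of
    content, which is easy to misread as 'unrelated files'. Check this before trusting
    a zero score between this installer and another sample."""
    a, _, _ = parse_ssdeep(sig_a)
    b, _, _ = parse_ssdeep(sig_b)
    return a == b or a == 2 * b or b == 2 * a


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-downloaded-sample>
    results = verify_digests(digest_file(sys.argv[1]), REPORT_DIGESTS)
    for name, ok in results.items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
    blocksize, _, _ = parse_ssdeep(REPORT_SSDEEP)
    print(f"ssdeep block size {blocksize} (3 * 2**{blocksize.bit_length() - 2})")
```

A mismatch on any one digest means the local file is not the analysed sample (a different build, a re-signed or re-packed copy), so its behaviour cannot be assumed to match this report.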

Malware Config

Targets

    • Target

      MEmu-setup-abroad-sdk-20240322.exe

    • Size

      23.0MB

    • MD5

      f9ce897d93d4f77bca3cca8541a8addb

    • SHA1

      4ac5a68266c842fb997fd755c9d10d1975baa71f

    • SHA256

      89174acde0ea21562e6186847ba7d12aacd9b2b2132f456dd8335680daadd9a9

    • SHA512

      57ad25f1a3b1514e579fd9f61102d0e6ea42e32bb9371fa447ab6e8c4403a018ee5b1959f3038dd591c930ecc4b535abe6851693334a67542acb7877152b0a6a

    • SSDEEP

      393216:w95Rjktqn778Sd3o+83Jsv6tWKFdu9CwvUiPbKv647n+YlmYz:MRjkG7Iq3oOD2vegm0

    • AhMyth

      AhMyth is an open-source Android remote administration tool (RAT) whose client component is routinely repackaged as spyware.

    • Guerrilla

      Guerrilla is Android malware attributed to the Lemon Group threat actor, reported in 2023 as preloaded on Android devices.

    • Guerrilla payload

    • Mandrake

      Mandrake is an Android spyware family first publicly documented in 2020.

    • Mandrake payload

    • Drops file in Drivers directory

    • Checks for any installed AV software in registry

    • Downloads MZ/PE file

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system: on a BIOS-booted disk the firmware executes the boot code in sector 0 before any OS code runs, so a modified MBR loads before the kernel and before host security tools. A legitimate installer has no reason to write sector 0; verify the sector against a known-good copy rather than trusting the signature name alone.

    • Drops file in System32 directory

    Note: the three family matches above (AhMyth, Guerrilla, Mandrake) are Android signatures that fired on a Windows PE installer for an Android emulator. Before treating them as a verdict on the installer, check whether they matched Android images or APKs carried inside the package rather than behaviour of the installer itself. The behavioural signatures (driver and System32 drops, AV discovery in the registry, the MBR write, the PE download) are the ones that bear on the Windows host.
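As an added example that is not part of the report (and not code from the sandbox or from MEmu): a Python checker for the "Writes to the MBR" signature above. It parses a raw 512-byte MBR, hashes the 440-byte bootstrap code and the 64-byte partition table separately, and compares both against a baseline captured from a known-clean image, so a bootkit-style modification of the boot code is reported even when the partition layout is untouched. The device paths, the sample boot-code bytes and the partition layout are constructed for the example; reading sector 0 of a real disk needs administrator or root rights.

```python
import hashlib
import struct
from typing import Dict, List, Sequence, Tuple

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 440            # x86 boot code; bytes 440..443 hold the disk signature, 444..445 are reserved
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries, ending at byte 510
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511 on every valid MBR

# Constructed stand-in for real boot code (cli; xor ax,ax; mov ss,ax; mov sp,0x7c00; nops).
CLEAN_BOOTSTRAP = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 24
# Constructed layout: one bootable NTFS (type 0x07) partition starting at LBA 2048.
SAMPLE_PARTITIONS: Sequence[Tuple[int, int, int, int]] = [(0x80, 0x07, 2048, 1_000_000)]


def parse_mbr(sector: bytes) -> Dict:
    """Decode a raw 512-byte MBR into its fields plus per-region SHA-256 hashes."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions: List[Dict] = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype == 0 and lba_start == 0 and sectors == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "partition_table_sha256": hashlib.sha256(sector[PARTITION_TABLE_OFFSET:510]).hexdigest(),
        "partitions": partitions,
    }


def baseline_from(sector: bytes) -> Dict[str, str]:
    """Capture the two region hashes from a known-clean MBR (golden image or pre-install snapshot)."""
    info = parse_mbr(sector)
    return {"bootstrap_sha256": info["bootstrap_sha256"],
            "partition_table_sha256": info["partition_table_sha256"]}


def check_mbr(sector: bytes, baseline: Dict[str, str]) -> Dict[str, bool]:
    """Compare a live sector against the baseline. Boot code and partition table are
    checked separately because a bootkit usually patches only the former, while a
    repartitioning tool legitimately changes only the latter."""
    info = parse_mbr(sector)
    bootable = [p for p in info["partitions"] if p["bootable"]]
    return {
        "boot_signature_ok": info["boot_signature_ok"],
        "bootstrap_modified": info["bootstrap_sha256"] != baseline["bootstrap_sha256"],
        "partition_table_modified": info["partition_table_sha256"] != baseline["partition_table_sha256"],
        "active_partition_count_ok": len(bootable) == 1,
    }


def read_mbr(device: str) -> bytes:
    """Read sector 0 of a raw disk. Constructed path examples: r"\\\\.\\PhysicalDrive0" on
    Windows, "/dev/sda" on Linux. Requires administrator / root."""
    with open(device, "rb") as fp:
        return fp.read(SECTOR_SIZE)


def build_sample_mbr(bootstrap: bytes, disk_signature: int,
                     partitions: Sequence[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a synthetic MBR for testing (constructed data, not read from any disk)."""
    if len(bootstrap) > BOOTSTRAP_LEN:
        raise ValueError("bootstrap code exceeds 440 bytes")
    if len(partitions) > 4:
        raise ValueError("an MBR holds at most four primary partition entries")
    buf = bytearray(bootstrap.ljust(BOOTSTRAP_LEN, b"\x00"))
    buf += struct.pack("<I", disk_signature) + b"\x00\x00"
    for status, ptype, lba_start, sectors in partitions:
        # CHS fields are set to 0xFFFFFF, the usual "use LBA" marker.
        buf += struct.pack("<B3sB3sII", status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba_start, sectors)
    buf += b"\x00" * (510 - len(buf))
    buf += BOOT_SIGNATURE
    return bytes(buf)


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOTSTRAP, 0x1234ABCD, SAMPLE_PARTITIONS)
    baseline = baseline_from(clean)
    tampered = bytearray(clean)
    tampered[0:4] = b"\xEB\x3C\x90\x90"   # simulate a bootkit hooking the first instruction
    print("clean:   ", check_mbr(clean, baseline))
    print("tampered:", check_mbr(bytes(tampered), baseline))
```

In practice the baseline is taken before the installer runs (or from the golden image the VM was built from) and the check is repeated after the sandbox run; a `bootstrap_modified` result with an unchanged partition table is the pattern the signature above is describing.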

MITRE ATT&CK Matrix (ATT&CK v13; the number after each technique is its match count)

Persistence
  T1542 Pre-OS Boot (1)
    T1542.003 Bootkit (1)
  T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation
  T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion
  T1542 Pre-OS Boot (1)
    T1542.003 Bootkit (1)

Discovery
  T1518 Software Discovery (1)
    T1518.001 Security Software Discovery (1)
  T1012 Query Registry (4)
  T1082 System Information Discovery (3)
