Resubmissions

  • 20-04-2024 13:40  240420-qyvtwsae6w  1

  • 20-04-2024 13:17  240420-qjcprshe74  8

  • 20-04-2024 13:14  240420-qgw1mahe46  1

  • 20-04-2024 13:10  240420-qewbbaab4v  8

  • 20-04-2024 13:03  240420-qacneaaa3s  8

General

  • Target

    MEMZ-virus

  • Size

    216KB

  • Sample

    240420-qacneaaa3s

  • MD5

    9bc1dec9d7d85c244c741184bb43fcc4

  • SHA1

    caaca15b00951b9defc1c46aea4ed221792fbd9e

  • SHA256

    c242bfe3e1830dd8586b05a3c1d05b0e034cc640e359df8620e3d0972a61ba3e

  • SHA512

    7a17549656f563f5eff05bee1fe316119c46ab4ec4beccb56c889f20d288f57d05ca1882cb79e27b9ceff176a388ec2e08f816ef4949ad8baf5b9cd8106520d6

  • SSDEEP

    6144:xDuqJgf7eVSgE29xxskm0nayRo3f90vZJT3CqbMrhryfQNRPaCieMjAkvCJv1ViE:Wf7eVSgE29xxskm0nayRo3f90vZJT3Cb

Score
8/10

Malware Config

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

    Pre-OS Boot (T1542): 1

    Bootkit (T1542.003): 1

  • Defense Evasion

    Pre-OS Boot (T1542): 1

    Bootkit (T1542.003): 1

  • Discovery

    System Information Discovery (T1082): 3

    Query Registry (T1012): 3

  • Command and Control

    Web Service (T1102): 1

Tasks