319bf6087040d17b87f46cd05f5ee064c291ba9ca46e1910f28d1f4c57cb3d96 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

memz-master.zip
Size

17KB
Sample

240422-vyx2gadh34
MD5

4790677e05d72ef7429dddf35562bf4a
SHA1

4243d6ea53db7e8cc0c355e70d6cffb54787b90b
SHA256

319bf6087040d17b87f46cd05f5ee064c291ba9ca46e1910f28d1f4c57cb3d96
SHA512

a93c5f691938bc1bdd9ef20b975f0b22cf494543e7df82ec31838bf811552ead5cd855959be4e47186ee7de944be005030f52f58b9dc85e7cde719cb97b794e3
SSDEEP

384:svCxvUI97GtSIiO0mw3pxspoCWdZs7n52mbFimtuckPXEKyuGSXCfAKrLwWtc:svZIZiAOnw3pcoYnFXoXEKyuZSAoLwWq

Score

7^/10

bootkit persistence

Malware Config

Targets

- Target
  
  MEMZ-master/MEMZ-Clean.exe
- Size
  
  12KB
- MD5
  
  9c642c5b111ee85a6bccffc7af896a51
- SHA1
  
  eca8571b994fd40e2018f48c214fab6472a98bab
- SHA256
  
  4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5
- SHA512
  
  23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c
- SSDEEP
  
  192:BCMfc/GinpRBueYDw4+kEeN4FRrfMFFp3+f2dvGhT59uay:AMfceinpOeRENYhfOj+eGdKa
Score

1^/10
behavioral1 behavioral2
- Target
  
  MEMZ-master/MEMZ-Destructive.exe
- Size
  
  14KB
- MD5
  
  19dbec50735b5f2a72d4199c4e184960
- SHA1
  
  6fed7732f7cb6f59743795b2ab154a3676f4c822
- SHA256
  
  a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
- SHA512
  
  aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
- SSDEEP
  
  192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Score

7^/10

bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bootkitpersistence

behavioral4

bootkitpersistence