General

  • Target

    MEMZ.bat

  • Size

    13KB

  • Sample

    240508-xy2qrsah5s

  • MD5

    63c6ec6b042bcb00d2d832c0e4f25dca

  • SHA1

    a904a7c3fc89ff497e91384a63db3282e00d31ce

  • SHA256

    dae968f47476ef79b122e771ccd0a2bacde2ac3535f68047239682fefa3dfe50

  • SHA512

    1454cd79a59f0603ae083abb7f3b1438e18c7858ab04dfc3df1a725cee72be48274c289d5c0a44ce415f4bdf8a2c316312453862381fdbf0f4af97a62234e41a

  • SSDEEP

    192:E7N3ODNPiwc205VjF+Ijytxd+7yxpVtLoTKihWn5hhHxGtHfzf+H/0Nz6hcbXR:E85qwc35O1+7y/LphxxGtHAhubXR

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
