Overview
overview: 7
Static
static: 3
MEMZ-Clean.bat (windows7-x64): 7
MEMZ-Clean.bat (windows10-2004-x64): 7
MEMZ-Clean.exe (windows7-x64): 1
MEMZ-Clean.exe (windows10-2004-x64): 1
MEMZ-Destructive.bat (windows7-x64): 7
MEMZ-Destructive.bat (windows10-2004-x64): 7
MEMZ-Destructive.exe (windows7-x64): 6
MEMZ-Destructive.exe (windows10-2004-x64): 7
General
-
Target
9dd47a244b5c04b947bc9cecededde93_JaffaCakes118
-
Size
30KB
-
Sample
240611-l96nbateln
-
MD5
9dd47a244b5c04b947bc9cecededde93
-
SHA1
e12e8c106eef2640255f22e31e0d3b906a7e6bc4
-
SHA256
444f06e4a7f544c6d247969365ae6ac9385bf071ef08ada507f95ea9a8720815
-
SHA512
57073834b045b742c848d9c0b8bb63c385546a33bfd62bb61431717e0716c407b0ec7376f81769f8537b1442aa7bfc850dae822e10529801e72f6c1f5201e358
-
SSDEEP
768:FZVJTCL59tyXIWPdSHt5MC209IPIgc9XrOjiT:pJE5nyXNoHtkOjggy2
Static task: static1
Behavioral task: behavioral1, Sample: MEMZ-Clean.bat, Resource: win7-20240221-en
Behavioral task: behavioral2, Sample: MEMZ-Clean.bat, Resource: win10v2004-20240508-en
Behavioral task: behavioral3, Sample: MEMZ-Clean.exe, Resource: win7-20240220-en
Behavioral task: behavioral4, Sample: MEMZ-Clean.exe, Resource: win10v2004-20240426-en
Behavioral task: behavioral5, Sample: MEMZ-Destructive.bat, Resource: win7-20240508-en
Behavioral task: behavioral6, Sample: MEMZ-Destructive.bat, Resource: win10v2004-20240508-en
Behavioral task: behavioral7, Sample: MEMZ-Destructive.exe, Resource: win7-20240215-en
Behavioral task: behavioral8, Sample: MEMZ-Destructive.exe, Resource: win10v2004-20240508-en
Malware Config
Targets
-
-
Target
MEMZ-Clean.bat
-
Size
9KB
-
MD5
bbae81b88416d8fba76dd3145a831d19
-
SHA1
42fa0e1b90ad49f66d4ab96c8cca02f81248da8b
-
SHA256
5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c
-
SHA512
f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368
-
SSDEEP
192:XBOTDzoOgdlf7MAdTyQuHq2b1vXei2SLca5icrLJlz3:ss/tDyQuHZddL5Jlz3
Score: 7/10
Executes dropped EXE
-
-
-
Target
MEMZ-Clean.exe
-
Size
12KB
-
MD5
9c642c5b111ee85a6bccffc7af896a51
-
SHA1
eca8571b994fd40e2018f48c214fab6472a98bab
-
SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5
-
SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c
-
SSDEEP
192:BCMfc/GinpRBueYDw4+kEeN4FRrfMFFp3+f2dvGhT59uay:AMfceinpOeRENYhfOj+eGdKa
Score: 1/10
-
-
Target
MEMZ-Destructive.bat
-
Size
13KB
-
MD5
4e2a7f369378a76d1df4d8c448f712af
-
SHA1
1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49
-
SHA256
5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad
-
SHA512
90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e
-
SSDEEP
192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
MEMZ-Destructive.exe
-
Size
14KB
-
MD5
19dbec50735b5f2a72d4199c4e184960
-
SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822
-
SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
-
SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
SSDEEP
192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-