a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d | Triage

Submit
Reports

Overview

overview

7

Static

static

3

MEMZ.exe

windows7-x64

6

MEMZ.exe

windows10-2004-x64

7

Sharing

General

Target

MEMZ.exe
Size

14KB
Sample

241124-acnkpazmck
MD5

19dbec50735b5f2a72d4199c4e184960
SHA1

6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256

a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512

aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score

7^/10

bootkit discovery persistence phishing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

MEMZ.exe

Resource

win7-20241010-en

bootkit discovery persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

MEMZ.exe

Resource

win10v2004-20241007-en

bootkit discovery persistence phishing

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  MEMZ.exe
- Size
  
  14KB
- MD5
  
  19dbec50735b5f2a72d4199c4e184960
- SHA1
  
  6fed7732f7cb6f59743795b2ab154a3676f4c822
- SHA256
  
  a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
- SHA512
  
  aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
- SSDEEP
  
  192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Score

7^/10

bootkit discovery persistence phishing
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistencephishing

© 2018-2024

Terms | Privacy