Overview

overview

8

Static

static

0BC8EC41.msi

windows7_x64

0BC8EC41.msi

windows10_x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0BC8EC41.msi

  • Size

    2.4MB

  • Sample

    210204-nhwqtapmna

  • MD5

    bde37153b7f4e860adba6bbdf91220e5

  • SHA1

    1294db6502c22de2c71d4d7090b1c3b5e730dd3e

  • SHA256

    5ef702036c5c3aa2d0b6d8650e20b2c5f55776c69eebf8c700f1770b56a35c35

  • SHA512

    432101aba509f4477f640298912d9d3dbeffb504b81b9b40b306ddb0f0a2be7d12069e1623b33289ad0d372cfc8cbe79cc87dc4573af72fa3ee62ee780a5b3ee

Score
8/10
aspackv2bootkitransomware

Malware Config

Targets

    • Target

      0BC8EC41.msi

    • Size

      2.4MB

    • MD5

      bde37153b7f4e860adba6bbdf91220e5

    • SHA1

      1294db6502c22de2c71d4d7090b1c3b5e730dd3e

    • SHA256

      5ef702036c5c3aa2d0b6d8650e20b2c5f55776c69eebf8c700f1770b56a35c35

    • SHA512

      432101aba509f4477f640298912d9d3dbeffb504b81b9b40b306ddb0f0a2be7d12069e1623b33289ad0d372cfc8cbe79cc87dc4573af72fa3ee62ee780a5b3ee

    Score
    8/10
    aspackv2bootkitransomware

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

      ransomwarebootkit

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks