Overview

overview

8

Static

static

8

客户端.exe

windows7_x64

8

客户端.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    客户端.exe

  • Size

    128KB

  • Sample

    210211-fxdvpmqv4e

  • MD5

    f40488f37218658bbc8f8897ae240d32

  • SHA1

    69324969b0ec1c8b467037514005e9368a997765

  • SHA256

    cc3cc6a1905bcacf25dd804f51b1856cea7f69f751d8981a1fe34d1b77a8a494

  • SHA512

    269d08d7cabca91220f0a76c8def4f7848443ae3c26e094a0a93a5fc4fd95fb39a296172b918735a1e35d470b6c10da5459c5f7f892497162a53c363ef090a81

Score
8/10
aspackv2persistenceupx

Malware Config

Targets

    • Target

      客户端.exe

    • Size

      128KB

    • MD5

      f40488f37218658bbc8f8897ae240d32

    • SHA1

      69324969b0ec1c8b467037514005e9368a997765

    • SHA256

      cc3cc6a1905bcacf25dd804f51b1856cea7f69f751d8981a1fe34d1b77a8a494

    • SHA512

      269d08d7cabca91220f0a76c8def4f7848443ae3c26e094a0a93a5fc4fd95fb39a296172b918735a1e35d470b6c10da5459c5f7f892497162a53c363ef090a81

    Score
    8/10
    aspackv2persistenceupx

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks