6df4ff54f1949e7861655bc4f076010629e0e8cce7bb27d90716e74002665bba | Triage

Submit
Reports

Overview

overview

Static

static

8

6df4ff54f1...ba.exe

windows7_x64

6df4ff54f1...ba.exe

windows10_x64

Sharing

General

Target

6df4ff54f1949e7861655bc4f076010629e0e8cce7bb27d90716e74002665bba
Size

1.8MB
Sample

210228-qqf4ryfn92
MD5

b86065921a847a96538b72b2f973132f
SHA1

6e52c495184a556ab95320508b5c72b3e0e9f9ff
SHA256

6df4ff54f1949e7861655bc4f076010629e0e8cce7bb27d90716e74002665bba
SHA512

32f010e3a7b26a60296f5c05302e81632d2b3d5c2cdc204ce12341151509a092b1993b47b24b058897e4cea4b095fc00ad7a173f3656da8cbe652483c6c1080e

Score

10^/10

aspackv2 persistence

Static task

static1

Behavioral task

behavioral1

Sample

6df4ff54f1949e7861655bc4f076010629e0e8cce7bb27d90716e74002665bba.exe

Resource

win7v20201028

aspackv2 persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6df4ff54f1949e7861655bc4f076010629e0e8cce7bb27d90716e74002665bba.exe

Resource

win10v20201028

aspackv2 persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  6df4ff54f1949e7861655bc4f076010629e0e8cce7bb27d90716e74002665bba
- Size
  
  1.8MB
- MD5
  
  b86065921a847a96538b72b2f973132f
- SHA1
  
  6e52c495184a556ab95320508b5c72b3e0e9f9ff
- SHA256
  
  6df4ff54f1949e7861655bc4f076010629e0e8cce7bb27d90716e74002665bba
- SHA512
  
  32f010e3a7b26a60296f5c05302e81632d2b3d5c2cdc204ce12341151509a092b1993b47b24b058897e4cea4b095fc00ad7a173f3656da8cbe652483c6c1080e
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy