3873c69cccf2a31a8e178f98a0ba2ed4bdcf78985e5889d8b2dba42ffc255930 | Triage

Submit
Reports

Overview

overview

9

Static

static

dp.5.5.57.setup.exe

windows7_x64

9

dp.5.5.57.setup.exe

windows10_x64

9

Sharing

General

Target

dp.5.5.57.setup.exe
Size

8.6MB
Sample

210414-anezx1v14x
MD5

e44256e244663658506a5509d9dc04b7
SHA1

76f370862a5bfc2b5d7664779c3959cf79db38a6
SHA256

3873c69cccf2a31a8e178f98a0ba2ed4bdcf78985e5889d8b2dba42ffc255930
SHA512

668fea4bd87d828d27694eddfc7a0c6ea6b5851172f964a521914be55c92409a94ae55c8b01f8f31b1233014330c002de2a481d7a5684c7cf3375e208f9eafc6

Score

9^/10

aspackv2 bootkit discovery persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

dp.5.5.57.setup.exe

Resource

win7v20210410

aspackv2 bootkit discovery persistence upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dp.5.5.57.setup.exe

Resource

win10v20210408

aspackv2 discovery persistence upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  dp.5.5.57.setup.exe
- Size
  
  8.6MB
- MD5
  
  e44256e244663658506a5509d9dc04b7
- SHA1
  
  76f370862a5bfc2b5d7664779c3959cf79db38a6
- SHA256
  
  3873c69cccf2a31a8e178f98a0ba2ed4bdcf78985e5889d8b2dba42ffc255930
- SHA512
  
  668fea4bd87d828d27694eddfc7a0c6ea6b5851172f964a521914be55c92409a94ae55c8b01f8f31b1233014330c002de2a481d7a5684c7cf3375e208f9eafc6
Score

9^/10

aspackv2 bootkit discovery persistence upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Drops file in Drivers directory
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2bootkitdiscoverypersistenceupx

behavioral2

aspackv2discoverypersistenceupx

© 2018-2024

Terms | Privacy