5357fbff137b5ad83b0ae7a2eb9f9762844987d888d29c3afec372568f525fde | Triage

Submit
Reports

Overview

overview

8

Static

static

5357fbff13...de.exe

windows7_x64

8

5357fbff13...de.exe

windows10-2004_x64

8

Sharing

General

Target

5357fbff137b5ad83b0ae7a2eb9f9762844987d888d29c3afec372568f525fde
Size

2.0MB
Sample

220520-wlqbjabdb5
MD5

c8cba838e87f76326dff14153ffa7070
SHA1

91cd18b7dad6f3e1cbc08fd0c6ac8e552f0b3590
SHA256

5357fbff137b5ad83b0ae7a2eb9f9762844987d888d29c3afec372568f525fde
SHA512

2e83f2f8ed6f4688781f3636b41b95040f414d0dc141e66037b039b6d4895c0a56552ef1ad0503356f533753aef8840b312fe81415128853994c14532d401194

Score

8^/10

aspackv2 bootkit evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

5357fbff137b5ad83b0ae7a2eb9f9762844987d888d29c3afec372568f525fde.exe

Resource

win7-20220414-en

aspackv2 bootkit evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5357fbff137b5ad83b0ae7a2eb9f9762844987d888d29c3afec372568f525fde.exe

Resource

win10v2004-20220414-en

aspackv2 bootkit evasion persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  5357fbff137b5ad83b0ae7a2eb9f9762844987d888d29c3afec372568f525fde
- Size
  
  2.0MB
- MD5
  
  c8cba838e87f76326dff14153ffa7070
- SHA1
  
  91cd18b7dad6f3e1cbc08fd0c6ac8e552f0b3590
- SHA256
  
  5357fbff137b5ad83b0ae7a2eb9f9762844987d888d29c3afec372568f525fde
- SHA512
  
  2e83f2f8ed6f4688781f3636b41b95040f414d0dc141e66037b039b6d4895c0a56552ef1ad0503356f533753aef8840b312fe81415128853994c14532d401194
Score

8^/10

aspackv2 bootkit evasion persistence trojan
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2bootkitevasionpersistencetrojan

behavioral2

aspackv2bootkitevasionpersistencetrojan

© 2018-2024

Terms | Privacy