bbedadea5939a3485a101a7aa0acc28b9295f492741c2b9edff8672b755c0af1 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

bbedadea59...f1.exe

windows7_x64

8

bbedadea59...f1.exe

windows10-2004_x64

8

Sharing

General

Target

bbedadea5939a3485a101a7aa0acc28b9295f492741c2b9edff8672b755c0af1
Size

3.2MB
Sample

220524-1bz57scefr
MD5

c52f5ca43480573ed5d4b5366fad2be0
SHA1

b3bec5af80d4f81f823a339229a6f4d5059498b7
SHA256

bbedadea5939a3485a101a7aa0acc28b9295f492741c2b9edff8672b755c0af1
SHA512

1a57f394f1399da752592972a45790db00afdaed4b5e0d0e3f0ac371bb23a7706ad87849198ad57263ce4f67c1496a737eb333427f87d0e0c562387f1fa0f096

Score

8^/10

aspackv2 bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

bbedadea5939a3485a101a7aa0acc28b9295f492741c2b9edff8672b755c0af1.exe

Resource

win7-20220414-en

aspackv2 bootkit discovery persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bbedadea5939a3485a101a7aa0acc28b9295f492741c2b9edff8672b755c0af1.exe

Resource

win10v2004-20220414-en

aspackv2 bootkit discovery persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bbedadea5939a3485a101a7aa0acc28b9295f492741c2b9edff8672b755c0af1
- Size
  
  3.2MB
- MD5
  
  c52f5ca43480573ed5d4b5366fad2be0
- SHA1
  
  b3bec5af80d4f81f823a339229a6f4d5059498b7
- SHA256
  
  bbedadea5939a3485a101a7aa0acc28b9295f492741c2b9edff8672b755c0af1
- SHA512
  
  1a57f394f1399da752592972a45790db00afdaed4b5e0d0e3f0ac371bb23a7706ad87849198ad57263ce4f67c1496a737eb333427f87d0e0c562387f1fa0f096
Score

8^/10

aspackv2 bootkit discovery persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2bootkitdiscoverypersistence

behavioral2

aspackv2bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy