d050de9f6e7a053aa91550a8a883748b212388b0bd6bf15c7b3de64b0447089f | Triage

Submit
Reports

Overview

overview

8

Static

static

8

d050de9f6e...9f.exe

windows7_x64

8

d050de9f6e...9f.exe

windows10-2004_x64

8

Sharing

General

Target

d050de9f6e7a053aa91550a8a883748b212388b0bd6bf15c7b3de64b0447089f
Size

3.1MB
Sample

220524-29g8qafbdp
MD5

bfb661b2999df3c09616b6e8e51e4030
SHA1

989d746fb3e3819ced480aa680b9d99aa0420135
SHA256

d050de9f6e7a053aa91550a8a883748b212388b0bd6bf15c7b3de64b0447089f
SHA512

57b8dba368189b69a47e65085548a24860ae39f3630c458a126332c9e2dd37063850c04cefc9b9383ed9e208a329bf420ad53381f36eade5509ae33604dc37b9

Score

8^/10

aspackv2 bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

d050de9f6e7a053aa91550a8a883748b212388b0bd6bf15c7b3de64b0447089f.exe

Resource

win7-20220414-en

aspackv2 bootkit discovery persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d050de9f6e7a053aa91550a8a883748b212388b0bd6bf15c7b3de64b0447089f.exe

Resource

win10v2004-20220414-en

aspackv2 bootkit discovery persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d050de9f6e7a053aa91550a8a883748b212388b0bd6bf15c7b3de64b0447089f
- Size
  
  3.1MB
- MD5
  
  bfb661b2999df3c09616b6e8e51e4030
- SHA1
  
  989d746fb3e3819ced480aa680b9d99aa0420135
- SHA256
  
  d050de9f6e7a053aa91550a8a883748b212388b0bd6bf15c7b3de64b0447089f
- SHA512
  
  57b8dba368189b69a47e65085548a24860ae39f3630c458a126332c9e2dd37063850c04cefc9b9383ed9e208a329bf420ad53381f36eade5509ae33604dc37b9
Score

8^/10

aspackv2 bootkit discovery persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2bootkitdiscoverypersistence

behavioral2

aspackv2bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy