3cb05f1addd773304b83179b94823fde21f2d8c4cff2564ee0ab51d194681689 | Triage

Sharing

General

Target

3cb05f1addd773304b83179b94823fde21f2d8c4cff2564ee0ab51d194681689
Size

1.8MB
Sample

220703-gceq4shadl
MD5

563f17ab67ed8d8278d284dfd930fb09
SHA1

3739c22705f290d3799a54f3885a321e175f345e
SHA256

3cb05f1addd773304b83179b94823fde21f2d8c4cff2564ee0ab51d194681689
SHA512

2489814647230bc761fe2230e4ece55b115994608495ac7db464b061ee626f7a23a75bef18210670cfd0bd6c4bbdfd78ef42e29c2df9b1b39dc9120e7dce7b00

Score

8^/10

aspackv2 persistence spyware stealer

Malware Config

Targets

- Target
  
  3cb05f1addd773304b83179b94823fde21f2d8c4cff2564ee0ab51d194681689
- Size
  
  1.8MB
- MD5
  
  563f17ab67ed8d8278d284dfd930fb09
- SHA1
  
  3739c22705f290d3799a54f3885a321e175f345e
- SHA256
  
  3cb05f1addd773304b83179b94823fde21f2d8c4cff2564ee0ab51d194681689
- SHA512
  
  2489814647230bc761fe2230e4ece55b115994608495ac7db464b061ee626f7a23a75bef18210670cfd0bd6c4bbdfd78ef42e29c2df9b1b39dc9120e7dce7b00
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2