Overview

overview

10

Static

static

8

3c1684f184...3a.exe

windows7_x64

10

3c1684f184...3a.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3c1684f184f6ece0d9a5c66d764e35b2348813632556bdeb95d32e378afb2b3a

  • Size

    96KB

  • Sample

    220703-kkgr8aeea8

  • MD5

    16df5cdb0dd3701f287c5f810bd5b1cd

  • SHA1

    6f638d0ec31edc6912fb4f5eeeaa37403a782e42

  • SHA256

    3c1684f184f6ece0d9a5c66d764e35b2348813632556bdeb95d32e378afb2b3a

  • SHA512

    807467934f957024c7e9211d1f6575f605fce0aacd7cc55e1dad9b5e83bd086bb4cf85ec830a0cf87e2e5cf98c0e544e23a422c0acc049f3f44c39704cca24ee

Score
10/10
aspackv2persistence

Malware Config

Targets

    • Target

      3c1684f184f6ece0d9a5c66d764e35b2348813632556bdeb95d32e378afb2b3a

    • Size

      96KB

    • MD5

      16df5cdb0dd3701f287c5f810bd5b1cd

    • SHA1

      6f638d0ec31edc6912fb4f5eeeaa37403a782e42

    • SHA256

      3c1684f184f6ece0d9a5c66d764e35b2348813632556bdeb95d32e378afb2b3a

    • SHA512

      807467934f957024c7e9211d1f6575f605fce0aacd7cc55e1dad9b5e83bd086bb4cf85ec830a0cf87e2e5cf98c0e544e23a422c0acc049f3f44c39704cca24ee

    Score
    10/10
    aspackv2persistence

    • Modifies WinLogon for persistence

      persistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks