3ba702c5569d6e6b76beb010d9ea0e1d6945135ca8699dacb4492c4be0bfeb6b | Triage

Submit
Reports

Overview

overview

Static

static

8

3ba702c556...6b.exe

windows7_x64

3ba702c556...6b.exe

windows10-2004_x64

Sharing

General

Target

3ba702c5569d6e6b76beb010d9ea0e1d6945135ca8699dacb4492c4be0bfeb6b
Size

974KB
Sample

220703-l4z9cagge5
MD5

9bf90eb205bc0d48aef2ea2cb604d513
SHA1

c50b85efe2530a3d17f11aca4520043f4d5fb643
SHA256

3ba702c5569d6e6b76beb010d9ea0e1d6945135ca8699dacb4492c4be0bfeb6b
SHA512

228ccb385a9701ff9e9cbbb08cf36990511e3480488426f70ea8978a6c24bbb9d388a19c1ab552e1f2f4d59e8e534622a6517924e73bb77c892e2a916bb66c2f

Score

10^/10

aspackv2 persistence

Static task

static1

Behavioral task

behavioral1

Sample

3ba702c5569d6e6b76beb010d9ea0e1d6945135ca8699dacb4492c4be0bfeb6b.exe

Resource

win7-20220414-en

aspackv2 persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3ba702c5569d6e6b76beb010d9ea0e1d6945135ca8699dacb4492c4be0bfeb6b.exe

Resource

win10v2004-20220414-en

aspackv2 persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3ba702c5569d6e6b76beb010d9ea0e1d6945135ca8699dacb4492c4be0bfeb6b
- Size
  
  974KB
- MD5
  
  9bf90eb205bc0d48aef2ea2cb604d513
- SHA1
  
  c50b85efe2530a3d17f11aca4520043f4d5fb643
- SHA256
  
  3ba702c5569d6e6b76beb010d9ea0e1d6945135ca8699dacb4492c4be0bfeb6b
- SHA512
  
  228ccb385a9701ff9e9cbbb08cf36990511e3480488426f70ea8978a6c24bbb9d388a19c1ab552e1f2f4d59e8e534622a6517924e73bb77c892e2a916bb66c2f
Score

10^/10

aspackv2 persistence
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2persistence

© 2018-2024

Terms | Privacy