b1bdb8a84e10f0c0a66327a1d5e8ea30f48b774869b2f8528f2dd55483d57936 | Triage

Sharing

General

Target

b1bdb8a84e10f0c0a66327a1d5e8ea30f48b774869b2f8528f2dd55483d57936
Size

1.0MB
Sample

220703-lxxvmsedak
MD5

3bb4fd30c797f3a9352e7f79d10e7e34
SHA1

425890faf9d51152a9d78793287dd81261307f2b
SHA256

b1bdb8a84e10f0c0a66327a1d5e8ea30f48b774869b2f8528f2dd55483d57936
SHA512

b459bdca661544f9feadd77914ef88dee7af3b5288c27f160e28e3cdd05ce9ecb127a692b2ed1f529e7ccba8b4d0b64feb080093c9eb42c08b1333d7050f0f8f

Score

8^/10

aspackv2 persistence spyware stealer

Malware Config

Targets

- Target
  
  b1bdb8a84e10f0c0a66327a1d5e8ea30f48b774869b2f8528f2dd55483d57936
- Size
  
  1.0MB
- MD5
  
  3bb4fd30c797f3a9352e7f79d10e7e34
- SHA1
  
  425890faf9d51152a9d78793287dd81261307f2b
- SHA256
  
  b1bdb8a84e10f0c0a66327a1d5e8ea30f48b774869b2f8528f2dd55483d57936
- SHA512
  
  b459bdca661544f9feadd77914ef88dee7af3b5288c27f160e28e3cdd05ce9ecb127a692b2ed1f529e7ccba8b4d0b64feb080093c9eb42c08b1333d7050f0f8f
Score

7^/10

persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2