Overview

overview

8

Static

static

8

45674a54c7...08.exe

windows7_x64

6

45674a54c7...08.exe

windows10-2004_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45674a54c7bf99e9e78772aee3117abf07f750e8704da56e5675060bf8391a08

  • Size

    6.1MB

  • Sample

    220707-tfbvvaaagm

  • MD5

    f88c83acfc5835295cfb84a58cab805b

  • SHA1

    c7647520baa921a3d8543a3bd5f99b0c28779e1e

  • SHA256

    45674a54c7bf99e9e78772aee3117abf07f750e8704da56e5675060bf8391a08

  • SHA512

    bc5fb9d2c5e0aa91009a20363ae25d125caf8c4e822f579120e6cb81743983eafc8e89676d76cbb687c63f161f6062e3bedc8b6c553e1aa6a56a6e64751d13d4

Score
8/10
aspackv2persistence

Malware Config

Targets

    • Target

      45674a54c7bf99e9e78772aee3117abf07f750e8704da56e5675060bf8391a08

    • Size

      6.1MB

    • MD5

      f88c83acfc5835295cfb84a58cab805b

    • SHA1

      c7647520baa921a3d8543a3bd5f99b0c28779e1e

    • SHA256

      45674a54c7bf99e9e78772aee3117abf07f750e8704da56e5675060bf8391a08

    • SHA512

      bc5fb9d2c5e0aa91009a20363ae25d125caf8c4e822f579120e6cb81743983eafc8e89676d76cbb687c63f161f6062e3bedc8b6c553e1aa6a56a6e64751d13d4

    Score
    6/10
    persistence

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks