General

  • Target: 01210da256ed6997f4f510dd5d7fdc78
  • Size: 171KB
  • Sample: 221011-zlpxjsdgh4
  • MD5: 01210da256ed6997f4f510dd5d7fdc78
  • SHA1: 5ca9117bddb9225e729b9577c2ecd8a58ba29bfc
  • SHA256: 50f4202ec7aa753063dd9242a0e3cbcf23b0551f5ad73296288e7613bc1dd163
  • SHA512: 9d91b3bb27bc3ad913876ec1be51f26f60c62c65cd30a9efb8620f70185d48de0d9320af755da2fcec4b83d05076328852a7a1cbaa8d9616c3ab6b74f89b1330
  • SSDEEP: 3072:aJNx/F0VGuhBYyIWMOeJhA2yOBGhGKMtIZaXQqrDFmwJibZceHkIox8iZz5uNt:aaBD45JK2yKGhGqZWDFbJiMxTZQNt

Score: 8/10

Malware Config

Targets

    • Target: document.exe
    • Size: 125KB
    • MD5: 5462472ee7f2caee881562566f997429
    • SHA1: 54c7664e392117b91fff53e6c863714812a96940
    • SHA256: d4625ff568067e85c2856517ca5c79335b04cb3a84b0ead8c6601d72d0c43558
    • SHA512: f6edf2bf64b28682cc262cfe7476d21ac81311801a8fdcb88ded9912c8a6f51a5c4b1c10e9eb373b0e850a3d743c950f8d0704572f63cad774c4f3e27944bf6a
    • SSDEEP: 3072:npDBAKMk0gAN4lgOjCFQ2nf6bdtUNhomcN:nfMPgwIyNSb/Yho

    Score: 8/10

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks