e19ef4fee16aaf922001e4f4467b585c70315deb414ab318d0da080af74c83b7 | Triage

Sharing

General

Target

e19ef4fee16aaf922001e4f4467b585c70315deb414ab318d0da080af74c83b7
Size

495KB
Sample

221029-wsehlshcg4
MD5

838a6beea2cd9493a37aecff8a640950
SHA1

e3125606720605c881dca9f258efae489094a533
SHA256

e19ef4fee16aaf922001e4f4467b585c70315deb414ab318d0da080af74c83b7
SHA512

6c5071902454efdcd83cb6505b818e7a604751a0adcbec7b0e18164299e246b2daed724b6a098a1f68556ba90141fe406fa4a6c4cdafd0b53ac6a858f8c9a976
SSDEEP

6144:n162XNPcV6J9MwRX6olrfTLfOlQlSHGdVi3W7r7JcyIX6D2EWF7rh7DRTR8qqFbc:nJWwtXLlOWwW7/qynKDtDAqqFqqFqqJg

Score

9^/10

aspackv2 evasion

Malware Config

Targets

- Target
  
  e19ef4fee16aaf922001e4f4467b585c70315deb414ab318d0da080af74c83b7
- Size
  
  495KB
- MD5
  
  838a6beea2cd9493a37aecff8a640950
- SHA1
  
  e3125606720605c881dca9f258efae489094a533
- SHA256
  
  e19ef4fee16aaf922001e4f4467b585c70315deb414ab318d0da080af74c83b7
- SHA512
  
  6c5071902454efdcd83cb6505b818e7a604751a0adcbec7b0e18164299e246b2daed724b6a098a1f68556ba90141fe406fa4a6c4cdafd0b53ac6a858f8c9a976
- SSDEEP
  
  6144:n162XNPcV6J9MwRX6olrfTLfOlQlSHGdVi3W7r7JcyIX6D2EWF7rh7DRTR8qqFbc:nJWwtXLlOWwW7/qynKDtDAqqFqqFqqJg
Score

9^/10

evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Enumerates VirtualBox registry keys
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Software Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2