188e1b1fe6369cdef5920f8e6d744f556129313d8448c527d07080d3b852d43f | Triage

Submit
Reports

Overview

overview

8

Static

static

8

188e1b1fe6...3f.exe

windows7-x64

8

188e1b1fe6...3f.exe

windows10-2004-x64

7

Sharing

General

Target

188e1b1fe6369cdef5920f8e6d744f556129313d8448c527d07080d3b852d43f
Size

33KB
Sample

221123-l2jhtach22
MD5

30ee8b6b7c1d8e8e73756f4bd1a070ea
SHA1

dfffff8ac82646bd8d821df5e5ef5b465076f21a
SHA256

188e1b1fe6369cdef5920f8e6d744f556129313d8448c527d07080d3b852d43f
SHA512

8750b32118a8b510dfd7380fdb8d82f75b443e0292b5c915eab09b29ffc405d1c7221b2f7558fea14c18719e0ad01dcf9b611b219bbf23c31bfc4e19acf3d4c4
SSDEEP

768:P5b6zqlBETELn9cfXEWjGBx8Lfb4CCYR/9m:P5b6z0B0xEWjv5L

Score

8^/10

aspackv2 bootkit discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

188e1b1fe6369cdef5920f8e6d744f556129313d8448c527d07080d3b852d43f.exe

Resource

win7-20220812-en

bootkit discovery persistence

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

188e1b1fe6369cdef5920f8e6d744f556129313d8448c527d07080d3b852d43f.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  188e1b1fe6369cdef5920f8e6d744f556129313d8448c527d07080d3b852d43f
- Size
  
  33KB
- MD5
  
  30ee8b6b7c1d8e8e73756f4bd1a070ea
- SHA1
  
  dfffff8ac82646bd8d821df5e5ef5b465076f21a
- SHA256
  
  188e1b1fe6369cdef5920f8e6d744f556129313d8448c527d07080d3b852d43f
- SHA512
  
  8750b32118a8b510dfd7380fdb8d82f75b443e0292b5c915eab09b29ffc405d1c7221b2f7558fea14c18719e0ad01dcf9b611b219bbf23c31bfc4e19acf3d4c4
- SSDEEP
  
  768:P5b6zqlBETELn9cfXEWjGBx8Lfb4CCYR/9m:P5b6z0B0xEWjv5L
Score

8^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

© 2018-2024

Terms | Privacy