Overview

overview

8

Static

static

8

db71315d52...0f.exe

windows7-x64

8

db71315d52...0f.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    db71315d52651089b89fa615d0e409cf87ec2dcd4e32abd39a6e37705dd5730f

  • Size

    112KB

  • Sample

    221124-wyjphsee9v

  • MD5

    f2f06c7759f4c358b23c8ac715e84f29

  • SHA1

    4503a3f34c5a5f4b5315a1dea18f6802143ccdb3

  • SHA256

    db71315d52651089b89fa615d0e409cf87ec2dcd4e32abd39a6e37705dd5730f

  • SHA512

    6a2087e6c64f3abcfa2c09adfac03bb7e71093f5755e1451c2e988ef61776f74b2c4167982b4caa6993016a80494fdd0dc00a7afb73e54af075c99897cb1074d

  • SSDEEP

    3072:IX3mfj1USDsTPYvQG+iIunxeMHrIPbzm7p:tr1U6iP8D+FunTHrInm7

Score
8/10
aspackv2persistence

Malware Config

Targets

    • Target

      db71315d52651089b89fa615d0e409cf87ec2dcd4e32abd39a6e37705dd5730f

    • Size

      112KB

    • MD5

      f2f06c7759f4c358b23c8ac715e84f29

    • SHA1

      4503a3f34c5a5f4b5315a1dea18f6802143ccdb3

    • SHA256

      db71315d52651089b89fa615d0e409cf87ec2dcd4e32abd39a6e37705dd5730f

    • SHA512

      6a2087e6c64f3abcfa2c09adfac03bb7e71093f5755e1451c2e988ef61776f74b2c4167982b4caa6993016a80494fdd0dc00a7afb73e54af075c99897cb1074d

    • SSDEEP

      3072:IX3mfj1USDsTPYvQG+iIunxeMHrIPbzm7p:tr1U6iP8D+FunTHrInm7

    Score
    8/10
    persistence

    • Sets DLL path for service in the registry

      persistence

    • Deletes itself

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks