1b728154a3829a97622bc121768ab074946d72e86dbcbf650e511b8e73765ca0 | Triage

Sharing

General

Target

1b728154a3829a97622bc121768ab074946d72e86dbcbf650e511b8e73765ca0
Size

6.5MB
Sample

221125-2jyg1sca38
MD5

6f33db862831a5da33ee5a31d611cc0b
SHA1

4d8372698f81cf282a3bde35bafb2eb0a513cd58
SHA256

1b728154a3829a97622bc121768ab074946d72e86dbcbf650e511b8e73765ca0
SHA512

7edbdaba155d2364008b7a18f1f4d54485a01ee22be1023d45bcc2a8f450931af2cffb58ab299f15decc075798335ef605d1ee02f8821c3302042b9d40f8ec76
SSDEEP

196608:fySQiPVWgLzGGEj1z83SNBHH8NTcl3Rdzh8o:fWiPESzEZxHwcl3Rdzao

Score

8^/10

aspackv2 bootkit persistence

Malware Config

Targets

- Target
  
  U盘启动制作工具包/FbinstTool.exe
- Size
  
  624KB
- MD5
  
  c3201abf7146ab685f4ecb118036f020
- SHA1
  
  a0d0341530fede0c3e25d4bb050ceca72cf836f8
- SHA256
  
  ef8c7f72e23cc6e38068566ca80bd2d395266e26c263551988d9c920b1d04845
- SHA512
  
  40e8479c251355db393da589b6b306d690e02629391ff84747d38f4fc465cb2207f4fe6bfff872f67f86fac0e7fe6b6273a1bd5bc6bf1db30e0ba2ee6cbd0461
- SSDEEP
  
  12288:JPHtLcahfnqx6P3zal/J7ZSIVvY44/N7gkW74/msTIlTL:JPHtBYUzawIVvYddI4us
Score

6^/10

bootkit persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  U盘启动制作工具包/MsgDiyer.exe
- Size
  
  3.3MB
- MD5
  
  6f7a4e93ae4a93d9bad2fdef7ef09832
- SHA1
  
  275f3f8876140def920106f2be775c8b1f2304cc
- SHA256
  
  7b6e4e165649e15323e01bb38124e14899e720ca7d2cf743a4ee166199c3fa79
- SHA512
  
  776f3b8a7dea198659b01455f6a5575ad74efd0cd6528008a170c9a11837bbff36ff5d706d2b28a0453d0f74d650fd5aedb8645a1c77b46fdf4bd49a5b5133ac
- SSDEEP
  
  49152:n6dUpqhtfLqGr0d3EWZockmSFayRG3Dj2ojYoiptpwIXcmCkcuGBKfDH5gVD/yQc:oUpqhlLqP9+ay0zS4QtDccc7KfEt3Yq
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  U盘启动制作工具包/UD启动界面编辑MsgDiyer及FbinstTool使用图文教程.docx
- Size
  
  487KB
- MD5
  
  3cbead96f67b9890463e569119a7ab44
- SHA1
  
  3ea69b788a26b9b840c60baeffa089b7601f58d1
- SHA256
  
  8bfbe584a693583e5e345ceee7fae4adaf0a10bb3f064cfc1173738db5af181a
- SHA512
  
  e749315d70d18e01de283135b45d06eef7345752991b5cb56ccb98f21663bc53f3076978b5f2f3b558a7d7e582518d3cf8fc42192f14dc1b4ec95246c74ec007
- SSDEEP
  
  12288:vhE2oRBHItTcKsVF571MSoavCn1ZsWA7P+OeY4qXry7Zh:vhUAGF571Xoavofz8zeY4oryP
Score

4^/10
behavioral5 behavioral6
- Target
  
  U盘启动制作工具包/UltraISO.exe
- Size
  
  1.0MB
- MD5
  
  c8ca8a6aa87f620c6b037ec264a9a035
- SHA1
  
  c2f2d301123bde8c28628a7061def1ff23306621
- SHA256
  
  d89fef01550b8e2a6e526f89cabf249baf34a916e340299f099c23975757397f
- SHA512
  
  ec8bc223aefe43c74def40869060e7be90acc95ba299f0021f16691fc45ed82db0bfe0d876357cf1a8b3abf93523a75b48892cc3725c16603ab627125c3760b4
- SSDEEP
  
  24576:2kkERYQrrTsx5Q+C8uFNq1XtugFzoReyJUOR8S1u:26x31XF4zowWp
Score

3^/10
behavioral7 behavioral8
- Target
  
  U盘启动制作工具包/WinImage.exe
- Size
  
  1.2MB
- MD5
  
  33ac70c69a5b50d6bc3ef5c8bc8923b4
- SHA1
  
  1f53c193181744f48cf4cebfa82a9a0b9533d305
- SHA256
  
  32a022232ced41df5f46796b47966b7dfc1da7fb96d12a18fafdff596bdb9686
- SHA512
  
  32719bbfbf72c7eb17797fe6d18c7b93ae7ece52fc6032910cb8ef7b37fc9620d9700809906eec809f48b58b08dd3225a96db679216ce829d586ea6d4924fd34
- SSDEEP
  
  24576:PTxOiKvDuygJjrIDicvXJVqUk+wCgbuDw1VTdoXoQHkFcb:7iDu6DiMXuN+w+wPoomNb
Score

1^/10
behavioral10 behavioral9
- Target
  
  U盘启动制作工具包/好251网址导航.htm
- Size
  
  129B
- MD5
  
  94b399885ae5f164d5c4bdf3c1d04b7a
- SHA1
  
  b8c008c38e11e539903b089d60300347610543a8
- SHA256
  
  abc13792a08764fd2a4728478c1b8e607f50cbb1149cc225263ce276587befc7
- SHA512
  
  c137cafc230c32353a89d79bdeaa63113be42585176e60b2aa79148d1410fb4a9529254fc885c02553fc20d4df536cef20553ea6f5088e70037a882c852ac459
Score

1^/10
behavioral11 behavioral12
- Target
  
  U盘启动制作工具包/绿色资源网.url
- Size
  
  332B
- MD5
  
  457ba37468a50d85cee3a3cac64a4981
- SHA1
  
  7a61a453a7070cd28f296efa0041131f5efb222e
- SHA256
  
  2dae59f1b82bdd703d4ce061a88599e763f580bae6560fc4d1cd2f5aacc3f344
- SHA512
  
  8ee795a1aedd9d944ecf61811c774f38db3e2ec9c7c74431d6c2d8d3970cc61ff210830847fc66c5edad3318b332cb6f74cddd9ccd864dde5ef6e3f2cd4c371b
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14