3dd8d2bdbfbdc7a9bf7ade306c7e171b3ffb6e3f06b329c92d8b45b6bb53b7c4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3dd8d2bdbfbdc7a9bf7ade306c7e171b3ffb6e3f06b329c92d8b45b6bb53b7c4
Size

725KB
Sample

221126-2z4zqsfa9t
MD5

74fe1d8cc7d68842d715e2cd37e0b2d8
SHA1

d305e2dfeea023838475a5ac5fbef16d48a0853c
SHA256

3dd8d2bdbfbdc7a9bf7ade306c7e171b3ffb6e3f06b329c92d8b45b6bb53b7c4
SHA512

500a5f7e373023037ed0f0cf9fbda168889aea7965adcfb5b5fc3064ceebcbf26b1920cc0c4f227723163864b88822d423155307d477decf7d85fe20a5a97a0c
SSDEEP

12288:jlnzsZhAJlQfr0Tv4fBMmz1Qqful53//+MqZrgImoJ3eHvHpnv7GnrQMP+jsvtIT:jRs2or2v4ZMC1QSa53IZrgIfeHvRv7Gw

Score

8^/10

aspackv2 bootkit persistence

Malware Config

Targets

- Target
  
  大玩家时时彩智能预测1.4.2.exe
- Size
  
  935KB
- MD5
  
  0a2b309ff3764a2f313f029e40dca769
- SHA1
  
  11625572dbe55df9dce80cb0f9e68cd45a19dd39
- SHA256
  
  bce7ed0fd2778f3704895e8e4d05afa79ed0c6e0248e386ec053f4988b1be121
- SHA512
  
  7df71751609edc1f19edce4d250541db3127d9c6035a194a02d15e3c290874b15a78ea1ce06032630192bd590d10dd1db06b6fce236cb822bc355bef6a4c908a
- SSDEEP
  
  24576:67NqJY2Dg0eb3gaK9F2A9Gz+IXl4MseCM7utHJLX7yx6NvYUzYCS2keeCMBpYskX:6kJbDJe5K9QA9Gz+IXl4MseCOutHJLXz
Score

7^/10

bootkit persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  当下软件园.url
- Size
  
  191B
- MD5
  
  bdcc801fa8403eaecc71f63b740915af
- SHA1
  
  09c2f81338105d011694863280a76ea62a4e915e
- SHA256
  
  cab4f112f7e56424a7a00e6b6235a81be1ea980c2bd6529be764037f29de2ce5
- SHA512
  
  8af0b84bfd990c499b9bd7811d581f249c6b974bd13737468c05825cab019f340ca42d3a5ee4c54cfb79cfa60bf230058ada271fe49925a0b8aa7a191c13295d
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

behavioral4