0ec8dc6e155e2a91bb4b99476efaae06c330fe6270c9d34b30e67c2841145bfe | Triage

Submit
Reports

Overview

overview

8

Static

static

傲世中变.exe

windows7-x64

8

傲世中变.exe

windows10-2004-x64

8

Sharing

General

Target

0ec8dc6e155e2a91bb4b99476efaae06c330fe6270c9d34b30e67c2841145bfe
Size

3.2MB
Sample

221126-fnkaasgf5y
MD5

380823d5dcff4367ec334510875fc23d
SHA1

c710012ceea6dc0f5739f634010cd6ece3435701
SHA256

0ec8dc6e155e2a91bb4b99476efaae06c330fe6270c9d34b30e67c2841145bfe
SHA512

4bb5f2c1666dbc2a4f6526a13ab909268c61b4b2f4f0777c740e4e09a2bd3b541c75cc038c31d4c6d127d93264b14e64fe5ff3f797e3406de1858f55d9e07214
SSDEEP

98304:GWVdgpUcxS3zlWICLn8LFIJ3xT8HwLhpZK6IvuBNGsna:nVdgpUVzI3Lxx1KPuXGsa

Score

8^/10

aspackv2 persistence vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

傲世中变.exe

Resource

win7-20220812-en

aspackv2 persistence vmprotect

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

傲世中变.exe

Resource

win10v2004-20220812-en

aspackv2 persistence vmprotect

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  傲世中变.exe
- Size
  
  3.2MB
- MD5
  
  a87419a7b8cd42c04abc321896475347
- SHA1
  
  6849c85576f911e7b4db746ceefa74845f4d7bdc
- SHA256
  
  761c471e80d3c44febc76a8f7108744fd1aa07b646d5f37c7608714c1a8c42d6
- SHA512
  
  47082bc2fe9aacb2dcce925c775a939c6f57cdba202dd07d7a160e5401d42e650e46c3d46d0d85aceb05d6249f1f652b16d2cd06fbfaba9eb7343676cecb1a8a
- SSDEEP
  
  98304:Gc//////ArnXSjOFrpgpu4iBM2YlLatY3gb4qXzDuxTyqm:WrnXSSFrpgc41Jlmt8/qXuxT8
Score

8^/10

aspackv2 persistence vmprotect
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistencevmprotect

behavioral2

aspackv2persistencevmprotect

© 2018-2024

Terms | Privacy