Overview

overview

8

Static

static

8

8281ed9ca3...1e.exe

windows7-x64

8281ed9ca3...1e.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8281ed9ca3f499803d4337735c0a5d6279022394409f492cdba19443f721121e

  • Size

    85KB

  • Sample

    221129-hmp59shh5w

  • MD5

    7f07b1d8c3e93203a5d9cb71fc57f139

  • SHA1

    9bf82f08b7f635193775a9741e92177d85cf41a0

  • SHA256

    8281ed9ca3f499803d4337735c0a5d6279022394409f492cdba19443f721121e

  • SHA512

    d08ad6c19cb6ce37ba6a2cc9bbd9d34fc17f2b9cef6e3a5132f6b536c929d7875a4a69051008794a8dd142a474906a9b4d779709555edb2f337d84056e98b255

  • SSDEEP

    1536:UKy7x3cuklIn2ecXFX/Hcb+KeWSek4CcKn3S0b0I1mwOtg5:UKkxsmZc5/HNH+U11mftk

Score
8/10
aspackv2bootkitpersistence

Malware Config

Targets

    • Target

      8281ed9ca3f499803d4337735c0a5d6279022394409f492cdba19443f721121e

    • Size

      85KB

    • MD5

      7f07b1d8c3e93203a5d9cb71fc57f139

    • SHA1

      9bf82f08b7f635193775a9741e92177d85cf41a0

    • SHA256

      8281ed9ca3f499803d4337735c0a5d6279022394409f492cdba19443f721121e

    • SHA512

      d08ad6c19cb6ce37ba6a2cc9bbd9d34fc17f2b9cef6e3a5132f6b536c929d7875a4a69051008794a8dd142a474906a9b4d779709555edb2f337d84056e98b255

    • SSDEEP

      1536:UKy7x3cuklIn2ecXFX/Hcb+KeWSek4CcKn3S0b0I1mwOtg5:UKkxsmZc5/HNH+U11mftk

    Score
    8/10
    aspackv2bootkitpersistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks