d2f50eee8786568c10f8e604ffdcd8441187a630d6eb6e79f999c35ceaf84dc5 | Triage

Submit
Reports

Overview

overview

Static

static

8

d2f50eee87...c5.exe

windows7-x64

d2f50eee87...c5.exe

windows10-2004-x64

Sharing

General

Target

d2f50eee8786568c10f8e604ffdcd8441187a630d6eb6e79f999c35ceaf84dc5
Size

42KB
Sample

221129-hnx79sfa56
MD5

76fc6dd56b4f8ddc559c77036b76b937
SHA1

3e37d7bc9420c4fdde2d907d8d1ca1196e934bf1
SHA256

d2f50eee8786568c10f8e604ffdcd8441187a630d6eb6e79f999c35ceaf84dc5
SHA512

4a6213f0ddbaeb68a7b17516ed51d52e8434ec91102a6023396c468c4c6cd50acc8adf02e3f172bf6ae22d478bf9161bbbc0aea02ab68b9c505b5fe7bdbfeef6
SSDEEP

768:gSz0/XBwayCUOwV3TNZHdrPeqzEWvpbPwSMX6+w6pqZxLdeVgol9D8888888888s:BzOCay4wV339rPjzbpLwRJ9pSdoI1

Score

10^/10

aspackv2 evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d2f50eee8786568c10f8e604ffdcd8441187a630d6eb6e79f999c35ceaf84dc5.exe

Resource

win7-20221111-en

aspackv2 evasion persistence

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

d2f50eee8786568c10f8e604ffdcd8441187a630d6eb6e79f999c35ceaf84dc5.exe

Resource

win10v2004-20220812-en

aspackv2 evasion persistence

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  d2f50eee8786568c10f8e604ffdcd8441187a630d6eb6e79f999c35ceaf84dc5
- Size
  
  42KB
- MD5
  
  76fc6dd56b4f8ddc559c77036b76b937
- SHA1
  
  3e37d7bc9420c4fdde2d907d8d1ca1196e934bf1
- SHA256
  
  d2f50eee8786568c10f8e604ffdcd8441187a630d6eb6e79f999c35ceaf84dc5
- SHA512
  
  4a6213f0ddbaeb68a7b17516ed51d52e8434ec91102a6023396c468c4c6cd50acc8adf02e3f172bf6ae22d478bf9161bbbc0aea02ab68b9c505b5fe7bdbfeef6
- SSDEEP
  
  768:gSz0/XBwayCUOwV3TNZHdrPeqzEWvpbPwSMX6+w6pqZxLdeVgol9D8888888888s:BzOCay4wV339rPjzbpLwRJ9pSdoI1
Score

10^/10

aspackv2 evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2evasionpersistence

behavioral2

aspackv2evasionpersistence

© 2018-2024

Terms | Privacy