c3be0654a5b65e30a8a5ab8c7a8727a6226e87486904f83ededc28e685cb62ef | Triage

Sharing

General

Target

c3be0654a5b65e30a8a5ab8c7a8727a6226e87486904f83ededc28e685cb62ef
Size

150KB
Sample

221205-ppgegadg8t
MD5

fa5b31f9a4b6ed0f5d287e54f8da7f9e
SHA1

f8a7c3f162ec3a709e6ff48dd2200822d72757f6
SHA256

c3be0654a5b65e30a8a5ab8c7a8727a6226e87486904f83ededc28e685cb62ef
SHA512

638f79a67a116f4d5c19bd578e801bf27df3169244db9d69c3fe91f3299c880c5792385e6f3c3a9dadfd712c4f2fc088fd0d1246489fb5898ada7c6c3aacfb96
SSDEEP

3072:9qGLpya/2Yp9yhhJnrVbI/SDRXs+Ak1bjzzkdzZJeG6CugxTZ:U2tuJxa/SFnBvIZJePCuU

Score

10^/10

aspackv2 evasion persistence

Malware Config

Targets

- Target
  
  c3be0654a5b65e30a8a5ab8c7a8727a6226e87486904f83ededc28e685cb62ef
- Size
  
  150KB
- MD5
  
  fa5b31f9a4b6ed0f5d287e54f8da7f9e
- SHA1
  
  f8a7c3f162ec3a709e6ff48dd2200822d72757f6
- SHA256
  
  c3be0654a5b65e30a8a5ab8c7a8727a6226e87486904f83ededc28e685cb62ef
- SHA512
  
  638f79a67a116f4d5c19bd578e801bf27df3169244db9d69c3fe91f3299c880c5792385e6f3c3a9dadfd712c4f2fc088fd0d1246489fb5898ada7c6c3aacfb96
- SSDEEP
  
  3072:9qGLpya/2Yp9yhhJnrVbI/SDRXs+Ak1bjzzkdzZJeG6CugxTZ:U2tuJxa/SFnBvIZJePCuU
Score

10^/10

aspackv2 persistence evasion
- Modifies firewall policy service
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2persistence

behavioral2

aspackv2evasionpersistence