fd221d8c89c5aebbe02e3794def9cb4e8d5cb6076053b9bb5f56f5e09ee07447

General

Target

fd221d8c89c5aebbe02e3794def9cb4e8d5cb6076053b9bb5f56f5e09ee07447
Size

4.9MB
Sample

221206-2gdd3adc2s
MD5

e678ed6062a8be299d4db0a6f9813319
SHA1

ecac051f6bfb0a071b08f7da6d8f256cca68d778
SHA256

fd221d8c89c5aebbe02e3794def9cb4e8d5cb6076053b9bb5f56f5e09ee07447
SHA512

839b8e92d2b61b00a2c9fcb12ac4b066f9f46ec8dadcab763b409513f6c6a5539680a505ef5e2027f5c97238cfa686fa7c5b99ab21a5aa2d53af4a513eec9ff0
SSDEEP

98304:OSr8VIN4BsICmhGObDshxWdIxiWx890YyXbZFPK+Tear7MJ3FBPEt:OSrNemYnDWxWYiW690YibHdea3A3vPEt

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
petrivanich.aiq.ru
Port:
21
Username:
u364825
Password:
lu7l4mqm

Targets

- Target
  
  fd221d8c89c5aebbe02e3794def9cb4e8d5cb6076053b9bb5f56f5e09ee07447
- Size
  
  4.9MB
- MD5
  
  e678ed6062a8be299d4db0a6f9813319
- SHA1
  
  ecac051f6bfb0a071b08f7da6d8f256cca68d778
- SHA256
  
  fd221d8c89c5aebbe02e3794def9cb4e8d5cb6076053b9bb5f56f5e09ee07447
- SHA512
  
  839b8e92d2b61b00a2c9fcb12ac4b066f9f46ec8dadcab763b409513f6c6a5539680a505ef5e2027f5c97238cfa686fa7c5b99ab21a5aa2d53af4a513eec9ff0
- SSDEEP
  
  98304:OSr8VIN4BsICmhGObDshxWdIxiWx890YyXbZFPK+Tear7MJ3FBPEt:OSrNemYnDWxWYiW690YibHdea3A3vPEt
Score

10^/10

aspackv2 bootkit evasion persistence trojan
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

1

T1067

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ASPack v2.12-2.42

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2