9b06785cc3849340b17522965eeb9d19239be9bd006cb07988279bc4588ea982 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

731e1a4986...17.exe

windows7-x64

7

731e1a4986...17.exe

windows10-2004-x64

7

Sharing

General

Target

9341603652.zip
Size

2.1MB
Sample

230301-kes83afd64
MD5

47e433c8831577f617d6bfc8769c4663
SHA1

2d439ad36487a3c1a954115a07ddaad8998d62fe
SHA256

9b06785cc3849340b17522965eeb9d19239be9bd006cb07988279bc4588ea982
SHA512

5b876a6843ce63f048829222288420d175b7996a737c9285e2abf2881df4a7e78d877a266a20edecc036eb328ebb4b74916ef103024b8f45093220755fcb9e71
SSDEEP

49152:H+CljMdhNKAPM8EmqYgImR5YESOs/Y5GzEV1AKOd7UDp4jPi:ZlANnP5EF5YX2/otIujPi

Score

7^/10

aspackv2 persistence spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

731e1a498611e33e76f3e69386fd70281168da539d0005212bc3bd4d0ce1b117.exe

Resource

win7-20230220-en

aspackv2 persistence spyware stealer upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

731e1a498611e33e76f3e69386fd70281168da539d0005212bc3bd4d0ce1b117.exe

Resource

win10v2004-20230220-en

aspackv2 persistence spyware stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  731e1a498611e33e76f3e69386fd70281168da539d0005212bc3bd4d0ce1b117
- Size
  
  2.2MB
- MD5
  
  20136843871cbf97f966bd27c9522108
- SHA1
  
  96f6129e9103be1317236380079bbb3bbdb58d2d
- SHA256
  
  731e1a498611e33e76f3e69386fd70281168da539d0005212bc3bd4d0ce1b117
- SHA512
  
  2ab6a87949c11b33c8060794bee6b93c8cf668396398fa8817e59b4c8a706bfe01e3a7100cee9e575b32233624fb159cb038342ca2abfc11e46a0474b293c04b
- SSDEEP
  
  49152:Wf4JYjtvbdDUDYTSN4x1PjcvJ5dfSObPXAbVoE56ij:JI5wDYy4f7wdLbQVoEc
Score

7^/10

aspackv2 persistence spyware stealer upx
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2persistencespywarestealerupx

behavioral2

aspackv2persistencespywarestealerupx

© 2018-2024

Terms | Privacy