ec3ab38ccd00d1c556983978e89533fc9c3cfbb395f590ee4c437847a68ecf80 | Triage

Submit
Reports

Overview

overview

Static

static

3

??????????.exe

windows7-x64

7

??????????.exe

windows10-2004-x64

Sharing

General

Target

??????????.exe
Size

51.1MB
Sample

230605-kgtbvaga6v
MD5

0769ed600d9fd9477915573dca6ac0e3
SHA1

651bc713117a92a449a1936e8fdf42e9ae5b8b9b
SHA256

ec3ab38ccd00d1c556983978e89533fc9c3cfbb395f590ee4c437847a68ecf80
SHA512

aa50e289c7ef3453fdf6e1a94450a1d8737c522c153c556fac1bb6617b31bbb202c60e156a0f5c8998a93b32065a9fa5b51da33a803557009f91f43265b56439
SSDEEP

1572864:vvhr89ORGJRvOaIHPZtp9RvxgtC+rGQFh57MefPAH1x6iu:3B8lRfIHPHRZ+rGQFYeXMmV

Score

10^/10

aspackv2 discovery evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

??????????.exe

Resource

win7-20230220-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

??????????.exe

Resource

win10v2004-20230220-en

aspackv2 discovery evasion persistence trojan

windows10-2004-x64

30 signatures

150 seconds

Malware Config

Targets

- Target
  
  ??????????.exe
- Size
  
  51.1MB
- MD5
  
  0769ed600d9fd9477915573dca6ac0e3
- SHA1
  
  651bc713117a92a449a1936e8fdf42e9ae5b8b9b
- SHA256
  
  ec3ab38ccd00d1c556983978e89533fc9c3cfbb395f590ee4c437847a68ecf80
- SHA512
  
  aa50e289c7ef3453fdf6e1a94450a1d8737c522c153c556fac1bb6617b31bbb202c60e156a0f5c8998a93b32065a9fa5b51da33a803557009f91f43265b56439
- SSDEEP
  
  1572864:vvhr89ORGJRvOaIHPZtp9RvxgtC+rGQFh57MefPAH1x6iu:3B8lRfIHPHRZ+rGQFYeXMmV
Score

10^/10

aspackv2 discovery evasion persistence trojan
- UAC bypass
  evasion trojan
- Creates new service(s)
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

New Service

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

aspackv2discoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy