Overview

overview

10

Static

static

3

Nos317.exe

windows7-x64

10

Nos317.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Nos317.exe.exe

  • Size

    127KB

  • Sample

    230609-kkrbnacd7v

  • MD5

    1b957de2481264f0838b2ea58fefcd2b

  • SHA1

    ea4347f9d234e6ca737298fde05c8b93dd7829fd

  • SHA256

    ae94787c102c6b1c26f45413be4b123a8b2c1dc7ad7f9d1b9c86a489ac8c47c7

  • SHA512

    f96388b8b415eb2cb762760b614153b449330cf0f2b0b09ccf6d8932b2fe5b13dc0d5a9187bd3b1ab6e20175f9c2ede9d631c9bcd2d076a77a3a8c357758be7e

  • SSDEEP

    3072:3cpE7eK4faKrdTuKorWwj432v7xPKs+RO+GLVWxXu44444:37yfzdTujpi2T9sRObAD

Score
10/10
aspackv2persistence

Malware Config

Targets

    • Target

      Nos317.exe.exe

    • Size

      127KB

    • MD5

      1b957de2481264f0838b2ea58fefcd2b

    • SHA1

      ea4347f9d234e6ca737298fde05c8b93dd7829fd

    • SHA256

      ae94787c102c6b1c26f45413be4b123a8b2c1dc7ad7f9d1b9c86a489ac8c47c7

    • SHA512

      f96388b8b415eb2cb762760b614153b449330cf0f2b0b09ccf6d8932b2fe5b13dc0d5a9187bd3b1ab6e20175f9c2ede9d631c9bcd2d076a77a3a8c357758be7e

    • SSDEEP

      3072:3cpE7eK4faKrdTuKorWwj432v7xPKs+RO+GLVWxXu44444:37yfzdTujpi2T9sRObAD

    Score
    10/10
    aspackv2persistence

    • Modifies WinLogon for persistence

      persistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks