5c6735a4c8dc5c1b2ef9a8a1cad8ec6e80cfc2af189c82e5ccb2320792518a83 | Triage

Submit
Reports

Overview

overview

Static

static

3

5c6735a4c8...83.exe

windows7-x64

5c6735a4c8...83.exe

windows10-2004-x64

Sharing

General

Target

5c6735a4c8dc5c1b2ef9a8a1cad8ec6e80cfc2af189c82e5ccb2320792518a83
Size

2.8MB
Sample

230612-klnxxsbf9t
MD5

1df74f0ec8b5359999ebb2116ae64ccd
SHA1

a41a5236eaf7df0672d42a81f4e4ec9703ab9e99
SHA256

5c6735a4c8dc5c1b2ef9a8a1cad8ec6e80cfc2af189c82e5ccb2320792518a83
SHA512

47a3a7ae39ebae66ffe4f292ea3b2cc1cc5cf892a1fc5f6826af6c008c9ba174798c170d402379053ed20da716182e36ed375c988ea1282c6c0ce41339c4e702
SSDEEP

49152:uZmH/P3uWK3BukNbWVZ6ZbaHcYz5aAVKiw6ZWqTG93jJ3hWpVcY:QmH3uJ3BPcg3Yz5J/693kf

Score

10^/10

aspackv2 evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5c6735a4c8dc5c1b2ef9a8a1cad8ec6e80cfc2af189c82e5ccb2320792518a83.exe

Resource

win7-20230220-en

aspackv2 evasion trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

5c6735a4c8dc5c1b2ef9a8a1cad8ec6e80cfc2af189c82e5ccb2320792518a83.exe

Resource

win10v2004-20230220-en

aspackv2 evasion trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  5c6735a4c8dc5c1b2ef9a8a1cad8ec6e80cfc2af189c82e5ccb2320792518a83
- Size
  
  2.8MB
- MD5
  
  1df74f0ec8b5359999ebb2116ae64ccd
- SHA1
  
  a41a5236eaf7df0672d42a81f4e4ec9703ab9e99
- SHA256
  
  5c6735a4c8dc5c1b2ef9a8a1cad8ec6e80cfc2af189c82e5ccb2320792518a83
- SHA512
  
  47a3a7ae39ebae66ffe4f292ea3b2cc1cc5cf892a1fc5f6826af6c008c9ba174798c170d402379053ed20da716182e36ed375c988ea1282c6c0ce41339c4e702
- SSDEEP
  
  49152:uZmH/P3uWK3BukNbWVZ6ZbaHcYz5aAVKiw6ZWqTG93jJ3hWpVcY:QmH3uJ3BPcg3Yz5J/693kf
Score

10^/10

aspackv2 evasion trojan
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aspackv2evasiontrojan

behavioral2

aspackv2evasiontrojan

© 2018-2024

Terms | Privacy