Overview

overview

7

Static

static

3

Winbox.exe

windows7-x64

7

Winbox.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Winbox.exe

  • Size

    3.5MB

  • Sample

    230614-rn14laaa58

  • MD5

    81f583de2d16e2f451a0be9b8a7dd96c

  • SHA1

    90e7b57b50302f60b4294b54f7f9e2bddd279747

  • SHA256

    44e30d499a2977f70f0cd11411cfde8a26ff4f63c476740f4d8e4a461f9e753e

  • SHA512

    171f353a2ca289af5e925392b6ac53c136bb9860e0bcb1697362fe0a75deff1d84f2128a3b0d711ae2a603f0d4af8dd44ab4cc5d39aa38e482e69ed11d5bff3f

  • SSDEEP

    98304:lfLcWEe08s9qCzeDBsdGExhSrIClK7GE5PBl:N0h8cD5DxKWV5b

Score
7/10
aspackv2

Malware Config

Targets

    • Target

      Winbox.exe

    • Size

      3.5MB

    • MD5

      81f583de2d16e2f451a0be9b8a7dd96c

    • SHA1

      90e7b57b50302f60b4294b54f7f9e2bddd279747

    • SHA256

      44e30d499a2977f70f0cd11411cfde8a26ff4f63c476740f4d8e4a461f9e753e

    • SHA512

      171f353a2ca289af5e925392b6ac53c136bb9860e0bcb1697362fe0a75deff1d84f2128a3b0d711ae2a603f0d4af8dd44ab4cc5d39aa38e482e69ed11d5bff3f

    • SSDEEP

      98304:lfLcWEe08s9qCzeDBsdGExhSrIClK7GE5PBl:N0h8cD5DxKWV5b

    Score
    7/10
    aspackv2

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks