cd1bb3e15e00395238f8f995f0f206bde69479d422c119517685fd009e951218 | Triage

Sharing

General

Target

cd1bb3e15e00395238f8f995f0f206bde69479d422c119517685fd009e951218
Size

2.9MB
Sample

230624-sxnqasbf83
MD5

71c3d24af19ec09608dabf93f56e8c80
SHA1

3da1104b67c1509c27c1236369016594a0641048
SHA256

cd1bb3e15e00395238f8f995f0f206bde69479d422c119517685fd009e951218
SHA512

0043022ac9ba177b19c04105c55cb6c75ca0d1aeb3f029cd1afe1dfee196306d4f55b481523a22ec61ab889508117d37b1f08ae642da270f171f83e8b2296a5e
SSDEEP

49152:/q3jDLMcXShsmWF73/YqYAWysjU3BFFspj2xI8g7k/Y2idB+V:0vFSmlhYAWyssBFFAGInwidC

Score

8^/10

aspackv2 persistence

Malware Config

Targets

- Target
  
  cd1bb3e15e00395238f8f995f0f206bde69479d422c119517685fd009e951218
- Size
  
  2.9MB
- MD5
  
  71c3d24af19ec09608dabf93f56e8c80
- SHA1
  
  3da1104b67c1509c27c1236369016594a0641048
- SHA256
  
  cd1bb3e15e00395238f8f995f0f206bde69479d422c119517685fd009e951218
- SHA512
  
  0043022ac9ba177b19c04105c55cb6c75ca0d1aeb3f029cd1afe1dfee196306d4f55b481523a22ec61ab889508117d37b1f08ae642da270f171f83e8b2296a5e
- SSDEEP
  
  49152:/q3jDLMcXShsmWF73/YqYAWysjU3BFFspj2xI8g7k/Y2idB+V:0vFSmlhYAWyssBFFAGInwidC
Score

8^/10

persistence
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2