23ce8f18319d943325c46641dc8f7d3bcfb87f7008e4cc25b1262d188f397439 | Triage

Submit
Reports

Overview

overview

Static

static

7

1bc2773278...8f.exe

windows7-x64

1bc2773278...8f.exe

windows10-2004-x64

Sharing

General

Target

1bc2773278db821664d3e40252a56f8f
Size

635KB
Sample

231230-y5xk3afed6
MD5

1bc2773278db821664d3e40252a56f8f
SHA1

7860f17d866f74d0a5e1317e853251e9c7062e3b
SHA256

23ce8f18319d943325c46641dc8f7d3bcfb87f7008e4cc25b1262d188f397439
SHA512

10f6759f42ae811e27411ebe3e856d7319134847c68d4d7def5a80911fb30e1a1c8b0bc6aa6ea9d7dd6ebe0b9bd54c1709ead40afd7293108f30f38b0213b09f
SSDEEP

12288:I3TdtLW5WIj1YSSdFxsBSXyMzBUWb9tx/9AgHLo8OW+rB:iDsj1dEcBcJ9nnx/igrp+

Score

10^/10

aspackv2 evasion persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1bc2773278db821664d3e40252a56f8f.exe

Resource

win7-20231215-en

aspackv2 evasion persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

1bc2773278db821664d3e40252a56f8f.exe

Resource

win10v2004-20231215-en

aspackv2 evasion persistence

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  1bc2773278db821664d3e40252a56f8f
- Size
  
  635KB
- MD5
  
  1bc2773278db821664d3e40252a56f8f
- SHA1
  
  7860f17d866f74d0a5e1317e853251e9c7062e3b
- SHA256
  
  23ce8f18319d943325c46641dc8f7d3bcfb87f7008e4cc25b1262d188f397439
- SHA512
  
  10f6759f42ae811e27411ebe3e856d7319134847c68d4d7def5a80911fb30e1a1c8b0bc6aa6ea9d7dd6ebe0b9bd54c1709ead40afd7293108f30f38b0213b09f
- SSDEEP
  
  12288:I3TdtLW5WIj1YSSdFxsBSXyMzBUWb9tx/9AgHLo8OW+rB:iDsj1dEcBcJ9nnx/igrp+
Score

10^/10

aspackv2 evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2evasionpersistence

behavioral2

aspackv2evasionpersistence

© 2018-2024

Terms | Privacy