013f49b1709a70e58968ff552cfdce0fa9903dfd276e5b092a23a05a782f5db3

Sharing

Copy URL Twitter E-mail

General

Target

780c349cb73328e1a1669101c49d70bd
Size

3.8MB
Sample

240126-ww2gjsdahm
MD5

780c349cb73328e1a1669101c49d70bd
SHA1

6aaaf52420421862a6633694659060598be7784f
SHA256

013f49b1709a70e58968ff552cfdce0fa9903dfd276e5b092a23a05a782f5db3
SHA512

28523a3156c4ab263c733341980db91e1abc2b4330ec99283bc561c2fa221f9414bbb3386983029efb05feef58a50941ea3447b93e0d2f0d2dd766a54bfc2ad6
SSDEEP

98304:fUjVUJp+a3wvs7Rp8MmNi8Lajm/p117kKx5WgGvCwWNVfsPcYf:fccp+eRqRhDF7kkIPvCwWNpsEYf

Score

8^/10

aspackv2 persistence

Malware Config

Targets

- Target
  
  780c349cb73328e1a1669101c49d70bd
- Size
  
  3.8MB
- MD5
  
  780c349cb73328e1a1669101c49d70bd
- SHA1
  
  6aaaf52420421862a6633694659060598be7784f
- SHA256
  
  013f49b1709a70e58968ff552cfdce0fa9903dfd276e5b092a23a05a782f5db3
- SHA512
  
  28523a3156c4ab263c733341980db91e1abc2b4330ec99283bc561c2fa221f9414bbb3386983029efb05feef58a50941ea3447b93e0d2f0d2dd766a54bfc2ad6
- SSDEEP
  
  98304:fUjVUJp+a3wvs7Rp8MmNi8Lajm/p117kKx5WgGvCwWNVfsPcYf:fccp+eRqRhDF7kkIPvCwWNpsEYf
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  d61d6c709e7947296603059f8bedeba9
- SHA1
  
  bdcfc90c358c82be43ef85727a7bdfebbd6d1b69
- SHA256
  
  65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63
- SHA512
  
  ed5a6efd1dd5e2119a9c523b9f9154e13552b3538bf72f4b8b02d6a9c808c3ae2ba7613d9e2b3395237461703f2da0a1482a52727ffcf6fc967552390dab0f2b
- SSDEEP
  
  384:sKlm7i+c3QW6ckPhyDEaLnL2bbBBIXwZ:5qi8BcyhEhLibbTI
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  8be27f3bdec2b49d0a6a674716622304
- SHA1
  
  70d17db576ed484a4c0195571118d307fd4dc1b9
- SHA256
  
  4fe0a8391574867d8bdc6fb33555d90e02796563f02d1e6536acc3294a85bd47
- SHA512
  
  add9f37dd0d7a27f19d172c82599a79d049385c12cdfb78745ce2b0685ecea8f85c718bd62ecd671bbed949529429500853534b63226809e707ad3745a8fc801
- SSDEEP
  
  48:SHdPtcWCeM7etAo1UurdGl4A0h2TpXHWFv+wewzpv1XP3GhaEJ6of2ynh1:I1cWxfzrrh2cFvWwFtS1
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  6KB
- MD5
  
  a6978ea99297c941d02d88fa873150d9
- SHA1
  
  4e1fd5c2f7291daef4d817b12bc7bfa432a90013
- SHA256
  
  a5c5012191015659684fc19b5e8ec7d33837b25c607f0f9dbfd46c10b8baeb17
- SHA512
  
  8caf697317e6f9e83bbb0ee15a87ec56be3b08aaea9f7fb64fa65dd111bcfde5a8d25c7ef58fa1aa464ba5f9d4e365d9d8d3763cda17b4f3223418adf9a25000
- SSDEEP
  
  96:g1C0Qaep2wbE+WH1/FMXF6CGQhFzK1KQ5YnhElMmV4d:4ep2w5k/FyEt2gN
Score

3^/10
behavioral7 behavioral8
- Target
  
  $SYSDIR/Drivers/MC2_NT_DRV.sys
- Size
  
  47KB
- MD5
  
  ff42c7f344f63ed8287a91cf8490182e
- SHA1
  
  9a34467aac13d1e1dcd7bdbe88506a6d0b53a54b
- SHA256
  
  5c3091ea5823f38fd9f98ab899965169f1062cefd284d0c11ab4ab2cb26908ef
- SHA512
  
  2cc232496ccc8287f0ec461ca6939020c8a9c88780eacbc9751ce6db9ffd823b6edf2418cccc57dd0747da7b0f086bf737a1500357e4ee3a5dd5e9726e1a49d5
- SSDEEP
  
  768:0IQm56Pn7LBZkJQ5O/YlWbpyrwe3MqWNU+KTbbbT4FV2BRpWbSDHCHFAHUkibFG:fQrXkW5cY4bYMqqU+2bbbAV2/S2bC
Score

1^/10
behavioral10 behavioral9
- Target
  
  ArmAccess.dll
- Size
  
  52KB
- MD5
  
  c841204b08d5a330f4e0503430f82e24
- SHA1
  
  5720d7eba4fdae55a7e67cfe3637cfda02d2e953
- SHA256
  
  089869db6efb52ce41dc6f0ab859164c7a316f4ae082cdc45b1ea7921fd42505
- SHA512
  
  22542300bc25ea84906c2ec7fd0588a9be67f9c44732f1c9c3ac8f2049a1941f2c746888c5635beb6a00049743cbb322143d698af7d501e9f5fc17738900e9ea
- SSDEEP
  
  384:TWNNgJdY59tTulkbETxYpx6y2LfiqoYBUcz837yIYh9JzxovS1f2uUIiho38oqee:SIwTulXtkmfZBe7EtFovs2I38ozSihb
Score

1^/10
behavioral11 behavioral12
- Target
  
  License.html
- Size
  
  10KB
- MD5
  
  cac863a44bdcbeebddcebc531d0b0be8
- SHA1
  
  544818d029314cf5bfe92759b988be908a1ce3f4
- SHA256
  
  8554d6d94d70e3a71d44225dcae8dfb49f4293ed262ba97d7d56e8a1ff6eccb9
- SHA512
  
  85d316437faa5835709c108caaa4595df71e0175bf6b6cd7b57cf49f39cc70e51a09a13a491ba476cfa6d29961735c970879edf120479e0f945366f3b5c91192
- SSDEEP
  
  192:q7lqtuwGQMPkcG5o2uOO/FDAdFxy8OXl+uBs2KgS+/gpBnr+UGkbrmw95pDPHiwM:q6WPkcwohPNDHluzzRrp35pDvC3
Score

1^/10
behavioral13 behavioral14
- Target
  
  MCFUNC.dll
- Size
  
  216KB
- MD5
  
  936cca0155f0ace1a85fd8eb9f5d3b32
- SHA1
  
  dccf9eb963138e9441c21ec4b3a0ab98c1e01b2c
- SHA256
  
  21d3cddb541ddb29ca853e3539e3d30f69cd485c8bdfc273413fd3fb1d221a75
- SHA512
  
  0a0d5185c2631ecdcec2815192b33b1931f0d7f6da921e91b996c761cefeafe4065c2d1a988efe0d48c2f25de3a9768b40347b08afbfb57f8645be4635377d36
- SSDEEP
  
  3072:f0RV1B1oZaeiJQREAO0yuXm06KgaiUahX+ZR4vMYkPFX8zINglUNqel8VQ:ML3oseiQO0yVQq498INtNq3
Score

1^/10
behavioral15 behavioral16
- Target
  
  MCHelp.chm
- Size
  
  1.9MB
- MD5
  
  af823e9c0bc3333165ca5bfbd06dade7
- SHA1
  
  c59bfe809b301175889ad8dfde5d442a08cbe6e5
- SHA256
  
  c2be02b31bd3e75acef3e0449d353dc21d07c4d18bfe38c12b9eaa6a62f8f3a4
- SHA512
  
  9c8bdac64661b3828c07044b72cda86b2f752d29c977a056417e47f6e4066841e5c0e86a634b33e0d318507693b50043fe9c751ac0151e40186f4a9f41d8f9ff
- SSDEEP
  
  49152:uQ2WZkNmnmKDTvCK4QmYFq4tFa/MGjh3wkbB4FlZXh8yu:PkN0DTvC3ETkMGjhgBnXmH
Score

1^/10
behavioral17 behavioral18
- Target
  
  MaxCrypt2.exe
- Size
  
  1.2MB
- MD5
  
  4a136cb2bdcbe899c91b9f4b14a29e4d
- SHA1
  
  11f01eabfafe478b710571b6c1860796e5fabd98
- SHA256
  
  2dc52a17fd429f971f06d1c88a40a1ee23c0d3e7fd4999367d536895c7ebf3d2
- SHA512
  
  cdf86802059c32c26bfffb6b117b1a59d9c59a996d0431dcb29c16462becd109d8e30c7b8e23fdb722a82d5d692eaa9dcc2b89d7900446081456d66ca2bc0751
- SSDEEP
  
  24576:8j1NDdXBH/Kn3Bi+rH0XCDJNVUZtlxF7gGemRw5/NU:OjJK/G6N6PF7gGemqo
Score

8^/10

persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral19 behavioral20
- Target
  
  MaxDelete.dll
- Size
  
  384KB
- MD5
  
  2b19a0405e4b3dc23b29949f5217875b
- SHA1
  
  5e128f5f46de8b7c496655776f9a5dac7b81aa5f
- SHA256
  
  24f8415844a35175564de800d36dba5e5b5bcdf9f2a9418653fc4451c9e2f172
- SHA512
  
  6e02a6057af40f81cfbfb241f2a6cc58d8bdb483af2c7b2b2e830b2dbf56b4702f63244583685116ec5c67e41db9e3c231a22935075eae57f27cc90a275ee1f4
- SSDEEP
  
  6144:kBAa6+dfLYcetJK1aw5oRgw44d188itnqqEP7cM08AJV:Lajdf80dqRgw44d1Atq9TNA3
Score

1^/10
behavioral21 behavioral22
- Target
  
  SysSrvc.exe
- Size
  
  200KB
- MD5
  
  91ade869ff2952bba1e03475f40e0f07
- SHA1
  
  7c8a7798843f122ce74dd3ca2874332de4d73bad
- SHA256
  
  739cfd41b887fdb4d5f467f3cf34b40ba589b1b0a85b11fc68f4320c56629c2e
- SHA512
  
  6ee582e8573064e760a80a5941e23ca6554f4e536f3c3a464564e4f9febf82da8ea717a3f986199b04ae0b8c7a946469ce239c299dba1667a7cd567202185acb
- SSDEEP
  
  3072:tqe7l8jHMLIWOMy+i/j6BOEieIZSmkkUhHraiUqB3ELZh4vM4kPlYnJS/48mlZe+:tHqM0WOL+ib6BOEixbjUvoCnJm48ee+
Score

1^/10
behavioral23 behavioral24
- Target
  
  Updates/update.EXE
- Size
  
  634KB
- MD5
  
  874d9aebc828f4917607f338c92112de
- SHA1
  
  af14252f3bb4f0aa0f34f05e0cb47aa7257f7ef6
- SHA256
  
  0b7b34a3f42fb1a78673e75ca9c787ce3158f8156326df02a3809073ef483994
- SHA512
  
  94b7d575ee2859841823343dfe5c9c122a7a3b554937b135c0301965735c08c442b6cb42910d7f7b79542b07faa47188e38ebab1ede32438d1a1f458fd65e768
- SSDEEP
  
  12288:+jNQkvgZ9NekP920NtaxnBNNFEoCRiICLid2Kja4g3nwCCKF:+xQOgZe2nNWBNYoAumoOa4UwE
Score

1^/10
behavioral25 behavioral26
- Target
  
  uninst.exe
- Size
  
  64KB
- MD5
  
  597e7a53f10cf392c152fb046ed13d14
- SHA1
  
  369101df77cf2bc81cdd95d057cc210cf07e4fb6
- SHA256
  
  f6ed2708ef288df2686a1955481eade496a1bcc308a595d1eafc28ba695bdb31
- SHA512
  
  3161adf313a919a962a8ea7d1feb3905583d0465790bbcbfcc88a49affaf618850ab7063a34a51c80ab3aa1de0dadf5a290cd833cef107faad2017637dba3783
- SSDEEP
  
  1536:rHjLaMv3xnCwNz0DxkJ4l7OCcc/uGKx9PQT1U/T8H:rDeYBCwqDxkJ4xIxsD
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  8be27f3bdec2b49d0a6a674716622304
- SHA1
  
  70d17db576ed484a4c0195571118d307fd4dc1b9
- SHA256
  
  4fe0a8391574867d8bdc6fb33555d90e02796563f02d1e6536acc3294a85bd47
- SHA512
  
  add9f37dd0d7a27f19d172c82599a79d049385c12cdfb78745ce2b0685ecea8f85c718bd62ecd671bbed949529429500853534b63226809e707ad3745a8fc801
- SSDEEP
  
  48:SHdPtcWCeM7etAo1UurdGl4A0h2TpXHWFv+wewzpv1XP3GhaEJ6of2ynh1:I1cWxfzrrh2cFvWwFtS1
Score

3^/10
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Drops file in Drivers directory

Sets service image path in registry

Checks BIOS information in registry

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30