6d7eb9cde56653d9b4f0fb9542cbd2a3bf79ff3a50549fa8efa0547e3657399e | Triage

Submit
Reports

Overview

overview

Static

static

7

a16a0c039e...67.exe

windows7-x64

a16a0c039e...67.exe

windows10-2004-x64

Sharing

General

Target

a16a0c039e34bdb00cfbda7f1192ce67
Size

42KB
Sample

240224-kd1xhsfc4z
MD5

a16a0c039e34bdb00cfbda7f1192ce67
SHA1

fff86f196483d3991abc9b36cb250b200673ecf0
SHA256

6d7eb9cde56653d9b4f0fb9542cbd2a3bf79ff3a50549fa8efa0547e3657399e
SHA512

e0bc1e972d3b771764b0452e427a0e76e2da9075bf28df334adb46c70959b6fb1ef126b8da1cb30fd0042be890e57bf3beb846bd1029f07d9554b8ae069a9d10
SSDEEP

768:gSz0/XBwayCUOwV3TNZHdrPeqzEWvpbPwSMX6+w6pqZxLdeVgol9D8888888888Y:BzOCay4wV339rPjzbpLwRJ9pSdoIB

Score

10^/10

aspackv2 evasion persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a16a0c039e34bdb00cfbda7f1192ce67.exe

Resource

win7-20240215-en

aspackv2 evasion persistence

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

a16a0c039e34bdb00cfbda7f1192ce67.exe

Resource

win10v2004-20240221-en

aspackv2 evasion persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  a16a0c039e34bdb00cfbda7f1192ce67
- Size
  
  42KB
- MD5
  
  a16a0c039e34bdb00cfbda7f1192ce67
- SHA1
  
  fff86f196483d3991abc9b36cb250b200673ecf0
- SHA256
  
  6d7eb9cde56653d9b4f0fb9542cbd2a3bf79ff3a50549fa8efa0547e3657399e
- SHA512
  
  e0bc1e972d3b771764b0452e427a0e76e2da9075bf28df334adb46c70959b6fb1ef126b8da1cb30fd0042be890e57bf3beb846bd1029f07d9554b8ae069a9d10
- SSDEEP
  
  768:gSz0/XBwayCUOwV3TNZHdrPeqzEWvpbPwSMX6+w6pqZxLdeVgol9D8888888888Y:BzOCay4wV339rPjzbpLwRJ9pSdoIB
Score

10^/10

aspackv2 evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2evasionpersistence

behavioral2

aspackv2evasionpersistence

© 2018-2025

Terms | Privacy