03549221fda4a7822a47b9645e5fb9758a8a0aa6186c2e5b49a224d2e6c985fc | Triage

Submit
Reports

Overview

overview

Static

static

7

03549221fd...fc.exe

windows7-x64

03549221fd...fc.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

03549221fda4a7822a47b9645e5fb9758a8a0aa6186c2e5b49a224d2e6c985fc
Size

42KB
Sample

240309-xns1waff52
MD5

78333e0d588a619627d36f75ed0ab4a7
SHA1

897408c761ea0d49be154f2e3f277b8e78ab0725
SHA256

03549221fda4a7822a47b9645e5fb9758a8a0aa6186c2e5b49a224d2e6c985fc
SHA512

0cbb427919d78cd8782fa04e94f554b5866611e6a678b0081fddefd5dead5501c2d43a84cd4719e658623e719382aa2e827f3bd36e5d572049c8b86c69f44330
SSDEEP

768:gyz0/XBwayCUOwV3TNZHdrPeqzEWvpbPwSMX6+w6pqZxLdeVgol9D88888888882:hzOCay4wV339rPjzbpLwRJ9pSdoIX

Score

10^/10

aspackv2 evasion persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

03549221fda4a7822a47b9645e5fb9758a8a0aa6186c2e5b49a224d2e6c985fc.exe

Resource

win7-20240221-en

aspackv2 evasion persistence

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

03549221fda4a7822a47b9645e5fb9758a8a0aa6186c2e5b49a224d2e6c985fc.exe

Resource

win10v2004-20231215-en

aspackv2 evasion persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  03549221fda4a7822a47b9645e5fb9758a8a0aa6186c2e5b49a224d2e6c985fc
- Size
  
  42KB
- MD5
  
  78333e0d588a619627d36f75ed0ab4a7
- SHA1
  
  897408c761ea0d49be154f2e3f277b8e78ab0725
- SHA256
  
  03549221fda4a7822a47b9645e5fb9758a8a0aa6186c2e5b49a224d2e6c985fc
- SHA512
  
  0cbb427919d78cd8782fa04e94f554b5866611e6a678b0081fddefd5dead5501c2d43a84cd4719e658623e719382aa2e827f3bd36e5d572049c8b86c69f44330
- SSDEEP
  
  768:gyz0/XBwayCUOwV3TNZHdrPeqzEWvpbPwSMX6+w6pqZxLdeVgol9D88888888882:hzOCay4wV339rPjzbpLwRJ9pSdoIX
Score

10^/10

aspackv2 evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2evasionpersistence

behavioral2

aspackv2evasionpersistence

© 2018-2025

Terms | Privacy