8de128d2fff187d5688ec49d3546b692ae9ca978a8bb860a34600fa7168223d0 | Triage

Sharing

General

Target

c903194d16f0f498ac4634fd3abc1a0a
Size

1.4MB
Sample

240314-ta2jbagb71
MD5

c903194d16f0f498ac4634fd3abc1a0a
SHA1

0b8ecc8a9a178d521a767762364c1f4b0f14a151
SHA256

8de128d2fff187d5688ec49d3546b692ae9ca978a8bb860a34600fa7168223d0
SHA512

7b1278f989672d39a8def223225719fafff353ba0644dc9345f473ad8154206bafb44d636659d2011476021db27046c4a396284e893c2d19be828338ab1720f6
SSDEEP

24576:mbYU9b03izz9FBENPYjFcFko9qYQTKy2tzmE8sH3bRZuEW4Bs9JgmoEnRrwc:VU0ilFMPYmCo9NaHnsH3bTuLWuJ7VnR8

Score

10^/10

aspackv2 evasion persistence trojan

Malware Config

Targets

- Target
  
  c903194d16f0f498ac4634fd3abc1a0a
- Size
  
  1.4MB
- MD5
  
  c903194d16f0f498ac4634fd3abc1a0a
- SHA1
  
  0b8ecc8a9a178d521a767762364c1f4b0f14a151
- SHA256
  
  8de128d2fff187d5688ec49d3546b692ae9ca978a8bb860a34600fa7168223d0
- SHA512
  
  7b1278f989672d39a8def223225719fafff353ba0644dc9345f473ad8154206bafb44d636659d2011476021db27046c4a396284e893c2d19be828338ab1720f6
- SSDEEP
  
  24576:mbYU9b03izz9FBENPYjFcFko9qYQTKy2tzmE8sH3bRZuEW4Bs9JgmoEnRrwc:VU0ilFMPYmCo9NaHnsH3bTuLWuJ7VnR8
Score

10^/10

aspackv2 evasion persistence trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aspackv2evasionpersistencetrojan

behavioral2

aspackv2evasionpersistencetrojan