ad272132970772ec9c1cf693f5aaee542a68c0f849d1b2eaaeebd0abf78e567a | Triage

Sharing

General

Target

e10e53b69f3cf5aa2da1c451d3cbd749
Size

5.3MB
Sample

240327-hrekbseh84
MD5

e10e53b69f3cf5aa2da1c451d3cbd749
SHA1

8f7aba1a4cf900be323d90ee55313e4133ac1ad3
SHA256

ad272132970772ec9c1cf693f5aaee542a68c0f849d1b2eaaeebd0abf78e567a
SHA512

25bf903764072a9f744f10edea0fbf245978385e9e84dbae72ac8bc88d9a1bbf9cc046179f443e5f2aba67efada979015cafc521f1651c2cb7381746601220c6
SSDEEP

98304:zRaR24P62XGECl+ZheBLf/K18aJUwIikPU8BDWEIGtuE4N7oDH6kMYBDmag76cCi:zRa0W62XGECUZhedfSrk8kDsG60DakMn

Score

7^/10

aspackv2 bootkit persistence

Malware Config

Targets

- Target
  
  PluginsAndCOM/COM-Interface/VB5/0-AppVersion/Form1.frm
- Size
  
  1KB
- MD5
  
  45bcc8045e7e43e190804c78b693ac61
- SHA1
  
  b145b7ab4ad71dd835689cb57684c5433df079d4
- SHA256
  
  cf9af78782d743dc3bfda1229900c489044affe3b10fd3ec0fce6ca10de44370
- SHA512
  
  7aa181b818e1ad815cf99d82f3300309b94330540f05bddd8cbc04b043b82f065bbd3ffe3abe4eb97329ca92860748798eaf7f2f07992a196a746d94e1b97f54
Score

1^/10
behavioral1 behavioral2
- Target
  
  PluginsAndCOM/COM-Interface/VB5/1-Files/Form1.frm
- Size
  
  7KB
- MD5
  
  7b5cce9eefd41d60a24b5e8396dfb9e4
- SHA1
  
  72d0616f849902b3b96b7a57bdb75c4c0116f1f9
- SHA256
  
  cdc4cb665ad940e72af98dbe1b6394e923a88da63cb3e509ba3df0c42b57aeff
- SHA512
  
  6e22ba84f4d23a1c92cfbd53fafe9a9dfc4f49e1167716dcfa13ca1641e897b2d2f2d1309366b2b555f88c734cba7f15472b5ce0ebc87f22a6df30adead27340
- SSDEEP
  
  48:tEiAKLl/75LH/NwQ/HwJGWPl4qlpS7ZlILlP7Jl3SQl7/UlNklFHARKeLlFHQUXQ:tVjxpH/Mhx03uuEhsU6Y/s/c/0/RESU7
Score

1^/10
behavioral3 behavioral4
- Target
  
  PluginsAndCOM/COM-Interface/VB5/2-Nodes/Form1.frm
- Size
  
  8KB
- MD5
  
  591f78b0a42cc5751ea0768d13915ad6
- SHA1
  
  56842fa8063768677b080dd0a06dbe4f1c375d1b
- SHA256
  
  f2dd4b1015ea2340299c6ed7fd08173c43a2c18d6f27fc7fb3460d3ff63648e4
- SHA512
  
  2a9f797db3e28174ba56340e16e400837aa1e0685876b78f7c1fa0ebb67052a27473742425a89e59733bf9508898002c80aa30d33e756958fc3555d104d0977f
- SSDEEP
  
  192:rWXlLVo/PWsUSY/s/8/0/N0/yS/7d1JQr184K:r6lRw5US10/R
Score

1^/10
behavioral5 behavioral6
- Target
  
  PluginsAndCOM/COM-Interface/VB5/3-Data/Form1.frm
- Size
  
  8KB
- MD5
  
  f5d28759ebfa6d051915212c57cea287
- SHA1
  
  fa2286a735d414577f5e54e57495b62ab54c9dac
- SHA256
  
  6e4adc63a60657a57da3b050362d4f54d945637838673067c7a3a0f5b0147a98
- SHA512
  
  6f19e507d0336afd17656eb158ce98d9bb6d9f34045d467b1ad79be8fc8f765eceb2936580482602797bf827417a5bc738f651b615bd78c59611903f43b400cb
- SSDEEP
  
  192:rzYLVg/w/n3sUSY/s/8/0/N0/yS/KLrd1H5cvHV:rzYR1cUS10/Sl1Zc
Score

1^/10
behavioral7 behavioral8
- Target
  
  PluginsAndCOM/Plugins/Demo/DemoPlug.dll
- Size
  
  200KB
- MD5
  
  9024c60bc32ad5b737b567d2076aebd9
- SHA1
  
  2183ef7959d9d3c6157208bc2d1850a3c7cd4c7b
- SHA256
  
  827d22fa74e296c537ad886d5fddeb6d029b2740c3eea40c938a35dd7ab94a4d
- SHA512
  
  5e8c44c1b9f00feb00df64ef064dde2fe0ca4939baf99fb5475225c1f5e8c7cbafd7cd6fe885932ad0b12e9782f8b65208706982f8c88013d1a597475760edae
- SSDEEP
  
  3072:Zdz8pxd6Ln9ZjMOOEIEyQ8df/NuEjRZDGKxj1IR1gFzqXq2Y0HKDw7aqLnE1oOSH:uxd6D7PXSdf/Y2Saj1IRYzqrqkzE1t
Score

1^/10
behavioral10 behavioral9
- Target
  
  RestoreSettings.bat
- Size
  
  156B
- MD5
  
  bc2e2382a966605bc3846989a276dc4f
- SHA1
  
  dd1920f15232e5ed9103161f8825519431182766
- SHA256
  
  9ae680671546aeb5a73163e6fdfce628d201a1e224f3cec18a1252509ad6eae4
- SHA512
  
  e96179071a6494dc8c991692fbd7dc91c6519c88ba9b2649bc9748ec4a0a624584bd5fede331a4a18340b2db6668b2f51ccb36aff3b4808007ce6ea6457abb73
Score

1^/10
behavioral11 behavioral12
- Target
  
  SaveSettings.bat
- Size
  
  211B
- MD5
  
  28ad19cb3f03c4349c1f9dfcba13a12c
- SHA1
  
  08c4cde3d101ad11b121d215a74b460d380227ce
- SHA256
  
  6a35fe58e0a775c3878ca2f2b47ddb91e77ebc5bd483d9fc094452659de2ee9b
- SHA512
  
  277d8ab8f65764c55bb93c38765ae08bb98a40a03e69a3b3e5d2755ffaf790c14fd310fcc94ca6066802d3c64433b7e6551d219941dc49789efe43cf82cdd52f
Score

1^/10
behavioral13 behavioral14
- Target
  
  WinOrganizer.chm
- Size
  
  1.2MB
- MD5
  
  1068a03722764b1073bb379eccdc5a32
- SHA1
  
  5a905684be9202f21a79842053a103b2928d8021
- SHA256
  
  9f88032067742e0e944d499696b7b13e669964ab921a5f0fb126d5c9128d7e73
- SHA512
  
  ddc962d8ef5b3d63b78e193704f27cb6980ddab44d8273b7ef58ce18b23e3937d143808e38901b30bdc4d0cfeb5930d14f64d452395c5675f580484e73b9deb0
- SSDEEP
  
  24576:0SGvAf63ODhNGCeI9aFYzBblzqOwcxyBpo42Mla7o1O7SJYZov:Yvg6eF/oY1BuPcmpo4Ta4OtZov
Score

1^/10
behavioral15 behavioral16
- Target
  
  WinOrganizer.exe
- Size
  
  2.9MB
- MD5
  
  8ec0aef5e8529f44c4a27da7737359ba
- SHA1
  
  14dcc90c1fd6e2da9051285e75d81172eb84070a
- SHA256
  
  06c16a5cf9bd5f8e0d3a60993738c332b5f35de26d93aedf4316a873d78cc3af
- SHA512
  
  11bcd91dcad97ed6dd0887a24e4e3474d27d0605896a2e6f71dd1b3f517933fc5d4874fea97c34781b53b7dfb8bc3ce8bf32ebb43008dd5edbad31bc83f08917
- SSDEEP
  
  49152:+dMFrLc272i+g78yp1NLSIMg0LuIugLso9xkWCFXMeYhT2A9eH5mnIAB1ZKT:+i9I27mM8ytSIMg06IugLj9sF83ad5mO
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral17 behavioral18
- Target
  
  安装说明.url
- Size
  
  260B
- MD5
  
  ed83e978f409fcebba2825b084f2c140
- SHA1
  
  4548b5565354024dff5f387fa825fce7d11e67fe
- SHA256
  
  ac996e7c6b803289cbb4eb6cd62cc7e63dcd456aa18dd7fa88aed066b06218ac
- SHA512
  
  2257a6118aac1a6368749357433e037798d1765dee71addb73fa3e98b27335bf7000786a0814d6a5b3a5f63eb25f13e49559da8e192f48dd230d1c344763a377
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

bootkitpersistence

behavioral18

behavioral19

behavioral20